A hacker from the MalwareMustDie security research work group reached out to Eskom on Twitter today to warn the utility that a user had installed malware on their machine.
According to the researchers, an Eskom employee with the username “[email protected]” installed a trojan on their machine after downloading a fake Sims 4 installer.
All of the person’s credentials were stolen, including their company credentials, the hacker warned.
Initially Eskom disputed the accuracy of the hacker’s claims, stating that the username provided is not one used on its network. The utility has since deleted this tweet.
In response, the hacker posted more details relating to the compromised user, including their name, additional usernames, and a screenshot of the person’s desktop.
A search for the person’s name on LinkedIn showed two profiles for people working at Eskom: a technical advisor, and a senior infrastructure advisor.
The national spokesperson for Eskom, Khulu Phasiwe, told MyBroadband that the utility’s head of information technology is aware of the issue and that the IT team is investigating.
Eskom subsequently responded to the hacker on Twitter:
This has been investigated and the necessary actions have been taken. Thank you for bringing it to our attention.
Dear @Eskom_SA . Please investigate on your user "[email protected]". There is a trojan on here machine. All her credentials were stolen. (Including here company credentials)
Malware location: "C:ProgramDataGentlesMusiccert.exe"
Computer: DESKTOP-6T3OPUK#malwaremustdie #malware
— .sS.! (@sS55752750) February 4, 2019