Year-Long Cyber-Espionage Campaign targets Oil & Gas
Through the use of sophisticated social engineering tools, a global effort has been launched to steal information from energy companies.
Large international companies in the oil and gas industry have been the target of a cyber attack that has been underway for more than a year now. The attackers are spreading common remote access trojans, otherwise known as RATS, to sabotage the industry.
According to researchers, the attackers have been using spear-phishing emails containing malicious attachments to drop various RATS on infected machines. The emails are designed following the concept of typosquatting. The email addresses used in the “From” field are typosquatted or spoofed to look like emails from actual companies that would be familiar to the targets. Some of the means they use are Agent Tesla, Formbook, Loki, and many others. They aim to steal sensitive information, including banking and browser information and even logging keyboard strokes.
Apart from oil and gas, the attackers have also targeted a few organizations in the IT, media, and manufacturing sectors. While the main target are South Korean companies, victims have also been identified from Germany, United States, and the Middle East.
Researchers mentioned that “…in the event of a successful breach, the attacker could use the compromised email account of the recipient to send spear-phishing emails to companies that work with the supplier, thus using the established reputation of the supplier to go after more targeted entities.”