Cybercriminals are targeting the oil and gas industry with high-profile spearphishing campaigns that impersonate shipping companies and engineering contractors in an attempt to infect their targets with Agent Tesla malware payloads.
Agent Tesla is a .NET-based information-stealing program, commercially available since at least 2014, that comes with keylogging and remote access Trojan (RAT) capabilities.
What makes these campaigns stand out is that this is the first time Agent Tesla has been used in attacks targeting the oil and gas sector.
Abusing reputation and insider knowledge
While the attacks are not as advanced as others that have targeted energy companies in the past, they were well timed: they were active before and during a week-long marathon of meetings and calls between the OPEC+ alliance (Organization of the Petroleum Exporting Countries) and the Group of 20 nations that ended with a historic agreement to reduce global oil production.
This "suggests motivation and interest in learning how specific countries plan to address the issue," as detailed in a report previously shared with BleepingComputer by the Bitdefender researchers who found and analyzed these attacks.
In one of the spearphishing campaigns, the hackers impersonated the Egyptian state oil company ENPPI (Engineering for Petroleum and Process Industries) and abused its reputation. ENPPI has experience in both onshore and offshore oil and gas projects.
"The second spearphishing campaign used legal information about a chemical/oil tanker, as well as the industry, to make the e-mail believable to the victims from the Philippines," the Bitdefender report states.
In both cases, the attackers used malicious attachments to deliver the Agent Tesla info-stealer, trying to infect recipients and collect credentials and sensitive information, which were then sent to their command-and-control servers.
The energy sector is increasingly a target in 2020
However, according to the report, these attacks "also target other energy sectors that have been classified as critical during this Coronavirus pandemic."
After examining the victims' profiles, Bitdefender found that the attackers were also targeting charcoal processing entities, major goods carriers, hydraulic plants and raw material manufacturers.
"Since October 2019, the global evolution of cyber-attacks on the energy industry has been steadily increasing on a monthly basis, with February the peak of 2020," says Bitdefender.
"With more than 5,000 malicious reports from companies operating in the energy sector, criminals in cyberspace seem to be very interested in this area, perhaps because it has become more important after the recent fluctuations in oil prices."