Cybercriminals are targeting the oil and gas industry with high-profile spearphishing campaigns that impersonate shipping companies and engineering contractors as they try to infect their targets with Agent Tesla malware payloads.
Agent Tesla is a .NET-based information-stealing program, commercially available since at least 2014, that comes with keylogging and remote access Trojan (RAT) capabilities.
What makes these campaigns stand out is the fact that this is the first time that Agent Tesla has been used as part of attacks targeting the oil and gas sector.
Abuse of reputation and insider knowledge
While the attacks are not as advanced as others that have targeted energy companies in the past, their timing is well chosen, as they were active before and during a week-long marathon of meetings and calls between the OPEC+ alliance (Organization of the Petroleum Exporting Countries) and the Group of 20 nations that ended with a historic agreement to reduce global oil production.
This "suggests motivation and interest in learning how specific countries plan to address the issue," as detailed in a report previously shared with BleepingComputer by Bitdefender researchers who identified and analyzed these attacks.
In one of the spearphishing campaigns, hackers impersonated the Egyptian state oil company ENPPI (Engineering for Petroleum and Process Industries) and abused its reputation. ENPPI is a company with experience in both onshore and offshore oil and gas projects.
"The second spearphishing campaign used legal information about a chemical/oil tanker, as well as industry, to make the emails trusted by the victims from the Philippines," said a Bitdefender report.
In both cases, the attackers used malicious attachments to deliver the Agent Tesla info-stealer, trying to infect recipients and collect credentials and sensitive information, which are then sent to the attackers' command-and-control servers.
The energy sector is increasingly a target in 2020
However, according to a report, these attacks "also target other energy sectors that have been identified as critical during this Coronavirus pandemic."
After examining the victims' profiles, Bitdefender found that the attackers were also targeting charcoal processing entities, major goods carriers, hydraulic plants and raw material manufacturers.
"Since October 2019, the global evolution of cyber attacks in the energy industry has been growing steadily on a monthly basis, with February 2020 being the culmination," says Bitdefender.
"With more than 5,000 malicious reports from companies operating in the energy sector, criminals in cyberspace seem to be very interested in this sector, perhaps because it has become more important after the recent fluctuations in oil prices."