Year-Long Phishing Campaign Targets Energy, Oil & Gas Companies Using Spoofed B2B Correspondence

Year Long Phishing Campaign Targeting Oil and Gas CompaniesUncovered by the research team at cloud protection vendor Intezer, this new phishing campaign seeks to steal information and position each victim as the foothold to spear phish additional companies.

I love seeing the big picture; it let’s me know my educated guesses about who, why, and what’s next based on attack after attack I’ve seen are all pretty well-founded. In the case of this latest attack documented by security researchers at Intezer, we get to see the entire picture from start to finish. And it appears the Energy sector (and a few related industries) have been the target of a phishing campaign spanning over one year.

The campaign uses some traditional tactics we’ve all seen before to phish the user into taking the bait. Emails appear to be legitimate correspondence, usually related to requests for quotations (RFQ), contracts, and references to real projects related to the business of the victim company. An example from Intezer is below:













Source: Intezer

Sender addresses use lookalike domains, forged email headers, and spoofed email addresses of real individuals to convince potential victims into engaging with malicious attachments – usually IMG, ISO, or CAB files containing .NET-based malware including Formbook and Agent Tesla, which can steal banking info, credentials, and more, as well as provide remote access to threat actors.

And, because much of the malware this campaign uses is fileless – meaning, it installs directly to memory, many AV solutions miss this. So, it’s necessary to ensure the human element of your security strategy is fully engaged via Security Awareness Training so they can see through the spoofing tactics and immediately know something is off before they even begin to think about clicking on that link or attachment.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

Subscribe To Our Blog

Cybersecurity Awareness Month Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews