The collapse of oil prices is the most serious catastrophe affecting the industry, and it is now accompanied by attacks from cybercriminals who are spreading the Agent Tesla spyware, targeting companies and employees in the oil industry.
This has been revealed by Bitdefender researchers, who have discovered two different spear-phishing campaigns. Each is a well-conceived cyberattack that comes in the form of a perfectly constructed email that looks like an authentic message from an authorized sender. Two scams have been analyzed.
The Egyptian oil company
The first case analyzed was detected on March 31st and involved the Egyptian state-owned oil company Enppi (Engineering for Petroleum and Process Industries), the purported sender of the emails, which actually hid the malware.
The emails contained an invitation to bid for equipment and materials for a real project, the Rosetta Sharing Facilities Project, on behalf of the well-known gas company Burullus.
The email contained nothing to arouse the suspicion of a cyber attack among its recipients. The Trojan was contained in the attachments. This email was sent to several representatives of companies in the industry around the world.
The tanker from the Philippines
This first attack was followed by another one dated April 12th. In this case, the email impersonated a shipping company and contained information about a real tanker, using specific technical language. Here too, the message was so well constructed that it seemed truthful and deceived the victims, this time located in the Philippines.
The Agent Tesla spyware
Agent Tesla is spyware that has been known since 2014. Whoever is sending it has purchased a real license to use it. Once it has been injected, it steals the victims' login data, and the latest versions even go so far as to steal the Wi-Fi credentials, with which the entire network can be compromised.
This malware and other cyberattacks have been affecting the energy industry, and not only during this turbulent period for oil, which surprisingly reached a negative price yesterday. The first attacks actually date back to October 2019, with a peak in February 2020.
In short, cybercriminals seem to have targeted the energy industry.