Spear-Phishing Attack Apparently Targets Oil Diplomacy Data


The malware-laced e-mail, sent to about 150 oil and gas companies, invited recipients to bid for a contract for equipment and materials as part of a project that is actually underway. The scam is believed to be an effort to steal data on the possible cutting of global petroleum output.

Hackers posing as an Egyptian oil company recently launched what appears to be a carefully planned spear-phishing campaign against energy firms in an attempt to steal information on negotiations between the OPEC+ alliance and G20 countries.

According to Romanian antivirus firm BitDefender, the attackers, claiming to be from Egypt's state-owned Engineering for Petroleum and Process Industries, are trying to trick recipients into downloading the Agent Tesla trojan, which has become a popular hacking tool during the coronavirus crisis.

The spyware's capabilities include "stealth, persistence and security evasion techniques that ultimately enable it to extract credentials, copy clipboard data, perform screen captures, form-grabbing, and keylogging functionality, and even collect credentials for a variety of installed applications," BitDefender said.

The e-mail, sent with two files to about 150 oil and gas companies over a week starting on March 31, invited recipients to bid for a contract for equipment and materials as part of a project that is actually underway.

The message included information on real companies and projects, a bid submission deadline and even a request for a bid bond, indicating the sender was familiar with the industry. That detail, together with the fact that the e-mail was written in a more professional way than other phishing messages, may have led recipients to believe that the message was legitimate.

The e-mails were said to have been sent to companies in more than 20 countries. Firms in Malaysia, the United States, Iran, South Africa, and Oman were targeted the most.

BitDefender said the campaign is believed to be an attempt to steal data on urgent negotiations between OPEC+ and G20 countries on cutting global petroleum output.