A global effort to steal information from energy companies is using sophisticated social engineering to deliver Agent Tesla and other RATs.
A sophisticated campaign targeting large international companies in the oil and gas sector has been underway for more than a year, researchers said, spreading common remote access trojans (RATs) for cyber-espionage purposes.
According to an Intezer analysis, spear-phishing emails with malicious attachments are used to drop various RATs on infected machines, including Agent Tesla, AZORult, Formbook, Loki and Snake Keylogger, all bent on stealing sensitive data, banking information and browser information, and logging keyboard strokes.
While energy companies are the main targets, the campaign has also gone after a handful of organizations in the IT, manufacturing and media sectors, researchers said. Victims have been found around the world, including in Germany, the United Arab Emirates (UAE) and the United States, but the primary targets are South Korean companies.