The oil and gas industry is yet again a victim of Agent Tesla malware
A sophisticated campaign which uses remote access Trojans and malware-as-a-service threats for cyber espionage purposes has been targeting large international energy companies for at least a year, according to cybersecurity company Intezer.
The campaign uses spear-phishing emails to steal browsing data, private and banking information, and log keyboard strokes using threats such as Formbook and Agent Tesla, along with Loki, Snake Keylogger and AZORult, the Israeli company’s report says. (See: Attackers Target Oil and Gas Industry With AgentTesla)
With a focus on energy companies, the campaign also attacks the information technology, manufacturing, and media industries. Its targets are primarily based in South Korea, but include companies from the United States, United Arab Emirates and Germany, too.
The attack also targets oil and gas suppliers, indicating that this is only the first stage in a wider campaign, the report says. “In the event of a successful breach, the attacker could use the compromised email account of the recipient to send spear phishing emails to companies that work with the supplier. Thus using the established reputation of the supplier to go after more targeted entities,” it adds.
While Intezer did not offer details on the number of companies affected by the attacks, it did note that 68% of the victims belong to the oil, gas and energy sectors, followed by 20% in construction, 8% in IT and 4% in media.