Oil and Gas Companies Targeted With Agent Tesla Malware
Recent spearphishing campaigns have targeted the oil and gas industry using the Agent Tesla spyware Trojan. According to security firm Bitdefender, attackers impersonated an Egyptian state oil company called Enppi (Engineering for Petroleum and Process Industries) to launch attacks against organizations in several countries, including Malaysia, the US, Iran, South Africa, Oman, and Turkey.
In the second known campaign, the threat actors pretended to be a shipment company and leveraged legitimate information to target victims in the Philippines. The emails in this campaign used “industry jargon” to appear more credible. In the first campaign, the attackers fraudulently claimed to be Enppi, requesting equipment and materials. The emails were malicious and designed to drop Agent Tesla onto victims’ machines. Bitdefender stated that it observed a spike in the attacks on March 31; however, the attacks remain at a low frequency and affect Malaysia and the US the most.