Oil & Gas Targeted in Year-Long Cyber-Espionage Campaign
Researchers have discovered a global effort to steal information from international companies in the oil and gas sector. According to experts, the campaign has been underway for more than a year and uses sophisticated social engineering tactics to deliver Agent Tesla and other remote access trojans (RATs). Analysis by researchers at Intezer found spear-phishing emails with malicious attachments that attempt to drop various RATs on infected machines in order to steal sensitive data, browser information, keystrokes, and banking information. The campaign has gone after energy companies, a handful of IT organizations, media organizations, and manufacturing firms. Victims include companies based in Germany, the US, the United Arab Emirates, and South Korea.
Researchers at Intezer reported the findings last Wednesday, suggesting that this may be the first stage in a more extensive campaign. After a successful breach, the attacker could use the recipient's compromised email account to send further spear-phishing emails to other companies, thereby widening the pool of possible targets. One of the targets is seemingly obscure, according to the researchers: a Korean Christian radio broadcaster called FEBC. The company seeks to subvert the religion ban in North Korea. This specific target may offer researchers some insight into the motive behind the campaign.