Spearphishing campaigns targeted the oil & gas industry during OPEC+ and G20 meetings.
Bitdefender warns that two spearphishing campaigns recently targeted the oil & gas industry in an attempt to deliver the Agent Tesla information-stealing Trojan. The first campaign, which began on March 31st, targeted at least twenty-four countries and used emails that purported to come from Engineering for Petroleum and Process Industries (Enppi), an engineering subsidiary of Egypt's national oil company. This campaign focused most heavily on Malaysia, the United States, Iran, South Africa, Oman, Turkey, and Italy. The second campaign, which began on April 12th, was much smaller in scope and "targeted only a handful of shipping companies based in the Philippines over the course of two days."
Both campaigns used industry-specific jargon and relevant requests that demonstrated the attackers' deep knowledge of the targeted organizations and industry. Bitdefender's researchers don't guess at who might be behind the campaigns, but they note that the timing of the operation—occurring before and during a meeting between OPEC+ and the Group of 20 regarding oil production and pricing during the COVID-19 pandemic—"suggests motivation and interest in knowing how specific countries plan to address the issue."