Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner.

Spear phishing picks up Egyptian opportunity

Eni has completed the deal to resolve differences at the Damietta LNG plant, in Egypt, with Naturgy now withdrawn.
The Zohr gas field, offshore Egypt

Two cyber campaigns have been identified that have been highly focused on particular parts of the oil and gas industry, using the same spyware Trojan, by security company Bitdefender.

The Romanian researchers highlighted two instances of the use of the malware. The first saw a spike of cases on March 31, impersonating tender documents from Egypt’s ENPPI.

This referenced a legitimate project, the Rosetta development, and company, Burullus. Bitdefender described the campaign as spear phishing, which involves targeting specific individuals in order to gain insider information.

The second campaign started on April 12 and targeted a handful of shipping companies based in the Philippines over two days.

The campaign was intended to deliver the Agent Tesla malware. Bitdefender said this was capable of keylogging and had not been associated with spear phishing campaigns in the oil and gas sector previously.

The ENPPI email had two attachments, referencing work on Rosetta and an oil and gas project for Weir. Telemetry work carried out by Bitdefender said this was the first time it had seen the Weir file used.

The number of reported attacks was fairly low, peaking at 107 on March 31, but Bitdefender noted the particular focus on oil and gas.

The second incident, focused on Filipino shipping, was even smaller but again displayed some knowledge of the sector. For instance, it cited a specific ship, the MT Sinar Maluku.

“This email serves as another example of the lengths to which attackers will go to get their facts straight, make the email seem legitimate, and specifically target a vertical,” the cybersecurity company said.

Cybercriminals have increased their interest in the oil and gas sector since October 2019, with the most attacks taking place in the US and UK, followed by Ukraine.

The timing of the attack, around the OPEC deals, “suggests motivation and interest in knowing how specific countries plan to address the issue”, Bitdefender speculated.

More from Energy Voice

Latest Posts