Attackers are targeting energy companies with the Agent Tesla spyware, as seen in recent spearphishing emails with malicious attachments. Researchers say that until now, Agent Tesla has not been associated with campaigns targeting the oil-and-gas vertical.
The emails leverage the tumultuous nature of today’s oil and gas markets, which have been under tremendous stress in recent weeks, as the global COVID-19 pandemic lowered oil demand. At the same time, an agreement over oil production has been struck in a recent meeting between the OPEC+ alliance and the Group of 20 nations.
Attackers are taking advantage of the concerns around this crisis by impersonating a well-known Egyptian engineering contractor (Engineering for Petroleum and Process Industries, or Enppi), with experience in onshore and offshore projects in oil and gas, as well as a shipment company (Glory Shipping Marine Co. Ltd).