May 18, 2015
Scammers apparently based in Nigeria have been stealing information from various companies in the oil logistics sector, according to a report published by Panda Security.
The campaign, dubbed “Operation Oil Tanker,” dates as far back as August 2013 and has been monitored by researchers since January 2014.
The security firm discovered the campaign after an employee at an England-based company that handles maritime oil transportation received an email containing a 4 Mb PDF file attached to it. Anti-virus software didn’t flag the document file, but a Panda Security pilot technology detected it as suspicious.
Specially crafted PDF files have been used in numerous attacks. However, in this case, the attacks didn’t involve any actual malware. According to researchers, the PDF, which is a self-extracting archive, contains various legitimate tools and scripts developed by the attackers to steal credentials and other information, and upload it to an FTP server.