AgentTesla Spear-Phishing Campaign Targets Oil and Gas

With malware attacks against the oil and gas industry on the rise, two similar spear-phishing campaigns aimed at the sector have been launched within the past month.

Amid international uncertainty, the oil and gas industry has borne much of the worst of it. In January, strategic moves from Saudi Arabia and Russia threatened domestic oil dominance. Then, the unexpected happened. The outbreak of COVID-19 saw international demand dwindle and supplies skyrocket. Now, as the entire industry plans recovery, watchdogs have revealed a series of cyberattacks using a malware program known as AgentTesla.

The Rosetta Sharing Facilities Project

In late March, an unknown entity impersonated an Egyptian oil and gas firm, sending out a series of emails to target companies in the United States using a type of cyberattack known as a spear-phishing campaign. The email in question requested that companies submit a bid to work on a fake oil project to be called the Rosetta Sharing Facilities Project.

Though the bid appeared legitimate, attachments within the email unleashed a modified version of malware called AgentTesla. First introduced in 2014, AgentTesla is a type of spyware that is designed to log keystrokes and steal information. The March attack marks the first time that this nefarious program has been used against the oil and gas industry.

Gaining Popularity

Far from an isolated attack, another spear-phishing campaign was unveiled just a few days later, in mid-April. This attack used a method similar to that of the previous attack, once again impersonating a company and inserting AgentTesla under the guise of official business.

Until these recent attacks, AgentTesla had been regarded as something of a known quantity. Unfortunately, that’s not the case. Amid a growing wave of cyberattacks aimed at the oil and gas industry, it would seem that cybercriminals have a potent new weapon.

The Quest for Information

At present, authorities are unsure as to the source of the cyberattacks. The motive, however, is clear. The purpose of the attacks was to determine how the United States’ oil and gas firms planned to approach the coming weeks and months. In a period where no one is entirely sure what’s going to happen from day to day, information has become the most valuable commodity.
