Oil and Gas Supply-chain Phishing Campaign

This was a very interesting investigation from our EDR partner Reaqta.

ReaQta has been tracking an extensive and long running spear-phishing campaign, targeting the supply-chain in the Oil & Gas industry, most likely for espionage purposes. The campaign started in 2018 and it’s still running today, with a new wave began on the first week of May. It is carefully prepared and executed, with attackers taking advantage of several compromised websites to deliver their malicious payloads.

Due to the length of this campaign, we believe this might be used to obtain and maintain access within a network of suppliers that cater to the Oil & Gas industry and that it might set the stage for a more targeted attack in the future.