The espionage hackers masquerading as a well-known Egyptian engineering contractor or a shipment company launched a sophisticated spear-phishing campaign targeting US-based oil and gas companies. What makes this particularly eye catching is the lack of typos, broken grammar and other sloppiness that are typical of phishing emails.
Malicious attackers are not above capitalizing on the coronavirus pandemic because the pandemic provides cybercriminals with the perfect pretext for their phishing emails. The targeting of US oil and gas companies should not come as a surprise, but rather a warning to other organizations. Phishing is a dangerous tactic and is widely used because of how easy it is for attackers to rinse and repeat and it works time after time. All industries, especially those hit the hardest by the economic impact of the pandemic, should be overly cautious about any email that lands in their inbox.
Agent Tesla is the #1 analyzed malware right now. Agent Tesla is a spyware trojan that steals information from its victims, including keystrokes, user interactions and application data. The creators of the malware are constantly updating it with new modules—in fact, the creators recently added the ability to steal WiFi profiles in the latest variant. Our threat intelligence team has seen Agent Tesla samples come through as JavaScript attachments, in zip files, and as .exe files.
It is marketed on its website as a legitimate personal use keylogger and the creators go as far as to provide tech support and a dedicated Discord server.