Oil & Gas Sector Falls for Fake Car Accident Phishing Emails

  /     /     /  
Publicated : 23/11/2024   Category : security

Oil & Gas Sector Falls for Fake Car Accident Phishing Emails


Effective Rhadamanthys phishing campaign spoofs nonexistent Federal Bureau of Transportation to compromise recipients, analysts discover.


An updated version of the Rhadamanthys malware-as-a-service (MaaS) is being deployed against oil and gas companies, using an effective new lure with a concerning amount of success.
Cofense has been tracking the campaign, which uses emails and a PDF file disguised as communications from the Federal Bureau of Transportation, according to a new flash alert from the email security analysts. No such bureau exists, and may be a mashup of the Department of Transportation and the Bureau of Transportation Statistics, an purview.
It is not clear as to why this specific sector is [being targeted], but the campaign in its current form could be relevant in most sectors if threat actors decided to change targets, the
Cofense alert
explained. While the campaign was actively sending emails, it was successfully reaching targets at an alarming rate.
The campaign appeared just days after the
LockBit takedown
in February, the analysts said. The latest version of Rhadamanthys, 5.0, was updated earlier in 2024 with improvements to its evasion and data stealing capabilities, Cofense added.
The phishing emails are also carefully crafted, the researchers pointed out. The phishers crafted multiple, provocative subject lines like, Notification: Incident Involving Your Vehicle, and Attention Needed: Your Vehicles Collision.
As peculiar as it might seem to use vehicle incidents as a phishing lure, the threat actor(s) here put immense effort to ensure that their emails along with the infection chain target recipients emotions, Cofense added. Each email body and subject are both different than the next, but they can be summarized by notifying an employee of a car incident through an employer notification, possible legal actions, or even a notice of contacting law enforcement.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
Oil & Gas Sector Falls for Fake Car Accident Phishing Emails