Oil & Gas Sector Falls for Fake Car Accident Phishing Emails
Effective Rhadamanthys phishing campaign spoofs nonexistent "Federal Bureau of Transportation" to compromise recipients, analysts discover.
An updated version of the Rhadamanthys malware-as-a-service (MaaS) is being deployed against oil and gas companies, using an effective new lure with a concerning amount of success.
Cofense has been tracking the campaign, which uses emails and a PDF file disguised as communications from the "Federal Bureau of Transportation," according to a new flash alert from the email security analysts. No such bureau exists; the name may be a mashup of the Department of Transportation and the Bureau of Transportation Statistics, an purview.
"It is not clear as to why this specific sector is [being targeted], but the campaign in its current form could be relevant in most sectors if threat actors decided to change targets," the Cofense alert explained. "While the campaign was actively sending emails, it was successfully reaching targets at an alarming rate."
The campaign appeared just days after the LockBit takedown in February, the analysts said. The latest version of Rhadamanthys, 5.0, was updated earlier in 2024 with improvements to its evasion and data-stealing capabilities, Cofense added.
The phishing emails are also carefully crafted, the researchers pointed out. The phishers wrote multiple provocative subject lines, such as "Notification: Incident Involving Your Vehicle" and "Attention Needed: Your Vehicle's Collision."
"As peculiar as it might seem to use vehicle incidents as a phishing lure, the threat actor(s) here put immense effort to ensure that their emails along with the infection chain target recipient's emotions," Cofense added. "Each email body and subject are both different than the next, but they can be summarized by notifying an employee of a car incident through an employer notification, possible legal actions, or even a notice of contacting law enforcement."