
Hackers Target Oil Tankers With ‘Catastrophic Phantom Menace’

Malicious and highly targeted attacks on the oil logistics sector have been exposed by security researchers.

First discovered by cloud-based security firm Panda Security in January 2014, the ongoing attack on oil cargos began in August 2013 and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which Panda Security has dubbed ‘The Phantom Menace’, none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks.

Operation Oil Tanker

Panda Security detailed the attacks in a report titled Operation Oil Tanker: The Phantom Menace.

The Phantom Menace is one of the most unique attacks that PandaLabs has discovered throughout its 25-year history. No antivirus engine was able to detect the attack when first triggered, primarily because the attackers used legitimate tools in conjunction with a number of self-made scripts to cloak the activity from traditional detection techniques. It was initially discovered when a secretary at a company engaged in a pilot security program opened a PDF email attachment that had been declared safe by the existing email server and endpoint security but was flagged as suspicious by the pilot technology, despite no malware being involved.

Luis Corrons, PandaLabs technical director and report author, said: “Initially this looked like an average non-targeted attack. Once we dug deeper, though, it became clear that this was a systematic, targeted attack against a number of companies in the same specific industry sector.”

In most cases, identifying the source of a cyber-attack is tremendously challenging. Once discovered, however, The Phantom Menace had a telling weak spot: the FTP connection used to send out the stolen credentials. Through the FTP connection, PandaLabs was able to identify both an email address and name.

Corrons added: “We can limit the impact of this potentially catastrophic cyber-attack, but only if the victimised companies are willing to come forward.”

Panda Security said it is ready and willing to identify the individual to authorities, but without any credible reports being volunteered by the alleged victims, the authorities are unable to launch their investigations or make any arrests.


Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.
