Senior executives at ExxonMobil, ConocoPhillips and Marathon Oil in 2008 fell victim to a what security experts called “tenacious” and “clever” cyber attacks that exposed some of the oil titans’ most critical intellectual property. eSecurity Planet explains who was responsible for the attacks and what implications this new form of corporate espionage has for all U.S. companies.
Senior executives at the three of the world’s largest oil and natural gas companies were targeted by a highly sophisticated and aggressive malware campaign in 2008 that was designed to steal key proprietary data—including multi-million-dollar research to locate the next great oil discovery—according to a report this week on the Christian Science Monitor Web site.
ExxonMobil (NYSE: XOM), ConocoPhillips (NYSE: COP) and Marathon Oil (NYSE: MRO) executives who were unwittingly duped by unsolicited e-mails caring the data-extracting malware were finally notified of the scam in early 2009, according to unnamed law enforcement and IT security experts quoted in the article. Security experts familiar with the attacks said this new form of corporate and, quite possibly, nation-sponsored espionage utilized custom spyware that is virtually undetectable by antivirus software applications used by the vast majority of large companies around the globe.
Targeting senior executives in a company is not new, but the level of sophistication of these attacks take the concept to a whole new level.
This particular wave of attacks focused on proprietary data, including “bid data”—the files containing details on the quantity, value and location of oil discoveries around the word. Officials close to the investigation said some of the attacks appeared to originate in China and that servers located in the Communist nation were used to store some of the stolen data.