{"id":3566,"date":"2025-04-27T10:01:16","date_gmt":"2025-04-27T10:01:16","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/04\/27\/new-power-parasites-phishing-attack-targeting-energy-companies-and-major-brands\/"},"modified":"2025-04-27T10:01:16","modified_gmt":"2025-04-27T10:01:16","slug":"new-power-parasites-phishing-attack-targeting-energy-companies-and-major-brands","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/04\/27\/new-power-parasites-phishing-attack-targeting-energy-companies-and-major-brands\/","title":{"rendered":"New Power Parasites Phishing Attack Targeting Energy Companies and Major Brands"},"content":{"rendered":"<p>    New Power Parasites Phishing Attack Targeting Energy Companies and Major Brands<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p>A sophisticated phishing campaign dubbed \u201cPower Parasites\u201d has been actively targeting global energy giants and major brands since 2024, according to a comprehensive threat report released this week.<\/p>\n<p>The ongoing campaign primarily exploits the names and branding of prominent energy companies including Siemens Energy, Schneider Electric, EDF Energy, Repsol S.A., and Suncor Energy through elaborately crafted investment scams and fraudulent job opportunities.<\/p>\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEiu_9gI1MpO0VtHXpp5jmu0v3r0aXKp5Ntt-Awx0P7eHxwk7q6bxi0gu8XCphyphenhyphenNE1Kr_ZdF-0sPsILbtIHmNQ_min7dRk5327Ukp6r7M7ODKYimQpxk0JxNRFdd_kckVPHc1i9D_rTEIuDwOvLdNCrUPIiTSxjCWiDTzx2_iArnIA0tUGpxzchNTnO71G0\/s16000\/Portion%2520of%2520a%2520document%2520used%2520in%2520the%2520hiring%2520scam%2520campaign%2520%28Source%2520-%2520Silent%2520Push%29.webp?ssl=1\" alt=\"\"><figcaption class=\"wp-element-caption\">Portion of a document used in the hiring scam 
campaign (Source \u2013 Silent Push)<\/figcaption><\/figure>\n<p>The attackers have established an extensive network of over 150 active domains designed to impersonate legitimate companies, primarily targeting individuals across Asian countries including Bangladesh, Nepal, and India.<\/p>\n<p>Victims are approached through a combination of deceptive websites, social media groups, and Telegram channels, often with localized content in English, Portuguese, Spanish, Indonesian, Arabic, and Bangla to increase effectiveness.<\/p>\n<p>Silent Push researchers <a href=\"https:\/\/www.silentpush.com\/blog\/power-parasites\/#:~:text=Silent%20Push%20Threat%20Analysts%20are,and%20India%2C%20with%20job%20and\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">identified<\/a> that the threat actors employ a \u201cspray and pray\u201d methodology, simultaneously abusing multiple brand names while deploying numerous websites to maximize victim outreach.<\/p>\n<p>The campaign\u2019s infrastructure analysis revealed that the attackers utilize domain names containing keywords like \u201cSE\u201d (representing Siemens Energy) and \u201cAMD\u201d (for Advanced Micro Devices) combined with various domain suffixes, creating patterns such as \u201csehub.top\u201d and \u201camd-biz.mom\u201d.<\/p>\n<p>The primary infection vectors involve <a href=\"https:\/\/cybersecuritynews.com\/social-engineering\/\" target=\"_blank\" rel=\"noreferrer noopener\">social engineering<\/a> through two distinct approaches. 
In the investment scam variant, victims are lured with promises of high returns through fake investment platforms supposedly backed by reputable energy companies.<\/p>\n<p>Meanwhile, the job scam variant entices victims with fraudulent employment opportunities at well-known corporations, requiring applicants to provide sensitive personal and financial information including bank account details, identification documents, and void checks during the \u201conboarding\u201d process.<\/p>\n<h2 class=\"wp-block-heading\"><strong>Infection Mechanism and Technical Infrastructure<\/strong><\/h2>\n<p>The Power Parasites <a href=\"https:\/\/cybersecuritynews.com\/new-phishing-campaign-attacking-investors\/\" target=\"_blank\" rel=\"noreferrer noopener\">campaign<\/a> employs an intricate technical infrastructure designed for maximum reach and minimal detection.<\/p>\n<p>Analysis of the deceptive websites reveals a consistent template pattern across domains, with login pages featuring an \u201cInvite code\u201d field, a classic technique used in investment scams to create a false sense of exclusivity.<\/p>\n<p>The campaign\u2019s promotion has extended to YouTube, where videos directing potential victims to <a href=\"https:\/\/cybersecuritynews.com\/1000-malicious-domains-mimic-reddit-wetransfer\/\" target=\"_blank\" rel=\"noreferrer noopener\">malicious domains<\/a> like \u201cse-renewables.info\u201d are published with enticing titles in multiple languages.<\/p>\n<p>One such video, translated from Bangla, promised viewers they could \u201cEarn free money from new sites,\u201d demonstrating the attackers\u2019 multilingual targeting strategy.<\/p>\n<p>Technical fingerprinting conducted by security researchers uncovered that these <a href=\"https:\/\/cybersecuritynews.com\/ebike-phishing-sites\/\" target=\"_blank\" rel=\"noreferrer noopener\">phishing sites<\/a> employ shared characteristics across their infrastructure, allowing them to rapidly deploy new domains when others are 
taken down.<\/p>\n<p>The campaign also leverages Telegram channels containing \u201csiemensenergy\u201d in their names to distribute malicious links, though many have since been banned or deleted.<\/p>\n<p>Siemens Energy has already published warnings about the fraudulent activities, explicitly stating they \u201cdo not operate any investment platforms\u201d and \u201cdo not ask for fees prior\/during\/after the application process.\u201d<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhU5SUfjRordAXrel-V0mTWOII8rfYeYFoyxIHnyo5pE3QtbN5W1kkLGgMpNCWZur6soXhD6D5hjz32TvO3kaiVoAM92AgomVQQBXxFUnmEmu2rHmiw1SnDz3qhJSUp-qwVegm3F7shCv3-oCetGuldFWtWU2-69dvyyCtHO6JEyZJpRNnuSVWs_9VIR3k\/s16000\/Repsol%2520phishing%2520website%2520%28Source%2520-%2520Silent%2520Push%29.webp?ssl=1\" alt=\"\"><figcaption class=\"wp-element-caption\">Repsol phishing website (Source \u2013 Silent Push)<\/figcaption><\/figure>\n<\/div>\n<p>Similarly, Repsol Energy has established a Fraud Alert page cautioning about schemes that use artificial intelligence to impersonate their executive team.<\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/new-power-parasites-phishing-attack\/\">New Power Parasites Phishing Attack Targeting Energy Companies and Major Brands<\/a> appeared first on <a 
href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/new-power-parasites-phishing-attack\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>New Power Parasites Phishing Attack Targeting Energy Companies and Major Brands A sophisticated phishing campaign dubbed \u201cPower Parasites\u201d has been actively targeting global energy giants and major brands since 2024, according to a comprehensive threat report released this week. The ongoing campaign primarily exploits the names and branding of prominent energy companies including Siemens Energy, [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-3566","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/3566"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=3566"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/3566\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=3566"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\
/wp-json\/wp\/v2\/categories?post=3566"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=3566"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}