A sophisticated phishing campaign dubbed “Power Parasites” has been actively targeting global energy giants and major brands since 2024, according to a comprehensive threat report released this week. The ongoing campaign primarily exploits the names and branding of prominent energy companies including Siemens Energy, Schneider Electric, EDF Energy, Repsol S.A., and Suncor Energy through elaborately crafted investment scams and fraudulent job opportunities. Meanwhile, the job scam variant entices victims with fraudulent employment opportunities at well-known corporations, requiring applicants to provide sensitive personal and financial information including bank account details, identification documents, and void checks during the “onboarding” process. Analysis of the deceptive websites reveals a consistent template pattern across domains, with login pages featuring an “Invite code” field-a classic technique used in investment scams to create a false sense of exclusivity. Silent Push researchers identified that the threat actors employ a “spray and pray” methodology, simultaneously abusing multiple brand names while deploying numerous websites to maximize victim outreach. Victims are approached through a combination of deceptive websites, social media groups, and Telegram channels, often with localized content in English, Portuguese, Spanish, Indonesian, Arabic, and Bangla to increase effectiveness. The campaign’s promotion has extended to YouTube, where videos directing potential victims to malicious domains like “se-renewables.info” are published with enticing titles in multiple languages. The attackers have established an extensive network of over 150 active domains designed to impersonate legitimate companies, primarily targeting individuals across Asian countries including Bangladesh, Nepal, and India. In the investment scam variant, victims are lured with promises of high returns through fake investment platforms supposedly backed by reputable energy companies. Technical fingerprinting conducted by security researchers uncovered that these phishing sites employ shared characteristics across their infrastructure, allowing them to rapidly deploy new domains when others are taken down. The campaign also leverages Telegram channels containing “siemensenergy” in their names to distribute malicious links, though many have since been banned or deleted. One such video, translated from Bangla, promised viewers they could “Earn free money from new sites,” demonstrating the attackers’ multilingual targeting strategy. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Similarly, Repsol Energy has established a Fraud Alert page cautioning about schemes that use artificial intelligence to impersonate their executive team.
This Cyber News was published on cybersecuritynews.com. Publication date: Sat, 26 Apr 2025 12:55:08 +0000