In 2025, a significant surge in phishing attacks targeting major U.S. energy companies was observed. The campaign primarily focused on Chevron, ConocoPhillips, PBF Energy, and Phillips 66, utilizing sophisticated impersonation techniques. Attackers employed HTTrack-based cloning to replicate legitimate websites, creating over 1,465 phishing domains. The infrastructure was distributed across multiple hosting providers and countries to evade takedowns. Notably, Chevron faced the highest volume of impersonation attempts with 158 fake domains. The phishing sites combined credential harvesting with investment scam frameworks, enhancing their profitability. Many malicious domains showed low detection rates across security vendors, exposing gaps in current defense systems. The analysis highlights the need for improved threat intelligence integration and faster mitigation strategies in the energy sector.

Author: AlienVault
Related Tags:
domain impersonation
website cloning
investment scams
httrack
Keitaro
T1606.002
T1589.002
T1586.002
Credential Harvesting
Associated Indicators:


