Zephyr Energy hackers swiped £700,000 after redirecting a contractor payment
Payment to a Zephyr Energy contractor was siphoned off, but the incident has been contained and new security measures implemented
Oil and gas firm Zephyr Energy has reported that one of its US subsidiaries has suffered a cyber intrusion that allowed the attackers to siphon off hundreds of thousands of pounds.
The London-headquartered company said the incident saw a contractor payment diverted to an account controlled by threat actors. The company confirmed around £700,000 was lost in the incident.
"Upon discovery of the incident, the company immediately notified the relevant law enforcement authorities and is working with the corresponding banks and consultants to attempt to recover the diverted funds," the company said in a regulatory filing with the London Stock Exchange.
Zephyr noted that the incident has been contained and IT systems have been thoroughly assessed by a leading cybersecurity consultancy.
Operations and corporate activities are continuing as normal, but its own internal IT teams are keeping a close eye on company systems.
"While Zephyr uses industry standard practices in relation to its technology and payment systems, additional layers of security have been implemented as a result of this attack," it added.
"The company's board of directors can confirm that the company has more than sufficient working capital to ensure that this isolated matter will not impact the company's ability to perform its ongoing operations."
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Zephyr Energy attack: What happened?
There's no information on how the attack actually took place, but it has all the hallmarks of a business email compromise (BEC) incident.
Via phishing campaigns, hackers typically gain access to email inboxes or accounting systems that enables them to change bank details during payment or invoice processing, in what's known as an adversary in the middle (AiTM) attack.
Earlier this year, Microsoft warned that AiTM campaigns targeting cloud collaboration platforms such as Microsoft SharePoint and OneDrive were on the rise.
The tech giant specifically highlighted energy companies among those at highest risk of targeting.
At the time, Microsoft’s Defender Research Team said attackers were abusing SharePoint file sharing services to deliver phishing payloads, and had succeeded in compromising a number of accounts.
In terms of mitigation, because the sign-in session is compromised, simply resetting passwords doesn't work. The company outlined a series of steps that organizations should take to mitigate risks, including:
- Using conditional access policies, especially risk-based access policies
- Implementing continuous access evaluation
- Investing in advanced anti-phishing solutions
- Continuous monitoring for suspicious or anomalous activities
FOLLOW US ON SOCIAL MEDIA
Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.
You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
Databarracks expands business resilience services with Acumen acquisitionNews The deal brings more than 100 business continuity customers into Databarracks' managed resilience offering
-
Multi-channel phishing attacks: How to manage the riskIn-depth Attackers are evolving beyond email towards phishing across multiple channels. Why is this, and what can be done to manage the risk?
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
‘Hacking groups have the transport network firmly in their sights’: Network Rail is battling a torrent of cyber threatsNews FoI requests have revealed that the rail operator is under increasing attack, as cyber criminals set their sights on the transport sector
-
‘They risk damaging confidence’: A Canadian health board outraged staff with phishing tests offering paid leave – experts say it shows why you need to be careful with cyber awareness campaignsNews Phishing tests require a delicate touch, emulating realism while not “exploiting goodwill”
-
Hackers are capitalizing on AI hype to ramp up social engineering attacks – and they're using big brands like Anthropic, OpenAI, and DeepSeek as ‘bait’ to lure victimsNews Microsoft says cyber criminals are impersonating popular AI platforms to deliver malware
-
Beware of emails threatening a code of conduct reviewNews A widespread phishing campaign has targeted tens of thousands of employees
-
‘The inbox is no longer the only frontline’: Phishing attacks are evolving as cyber criminals ramp up ‘multi-channel’ campaigns over email and Microsoft TeamsNews New research shows threat actors are ramping up “multi-channel” phishing attacks by combining lures via email and Microsoft Teams
-
Tycoon 2FA is down, but not out – researchers warn the phishing as a service operation is still a huge threat to businessesNews Millions of Tycoon 2FA attacks are still hitting businesses, according to research from Barracuda