Zephyr Energy hackers swiped £700,000 after redirecting a contractor payment
Payment to a Zephyr Energy contractor was siphoned off, but the incident has been contained and new security measures implemented
Oil and gas firm Zephyr Energy has reported that one of its US subsidiaries has suffered a cyber intrusion that allowed the attackers to siphon off hundreds of thousands of pounds.
The London-headquartered company said the incident saw a contractor payment diverted to an account controlled by threat actors. The company confirmed around £700,000 was lost in the incident.
"Upon discovery of the incident, the company immediately notified the relevant law enforcement authorities and is working with the corresponding banks and consultants to attempt to recover the diverted funds," the company said in a regulatory filing with the London Stock Exchange.
Zephyr noted that the incident has been contained and IT systems have been thoroughly assessed by a leading cybersecurity consultancy.
Operations and corporate activities are continuing as normal, but its own internal IT teams are keeping a close eye on company systems.
"While Zephyr uses industry standard practices in relation to its technology and payment systems, additional layers of security have been implemented as a result of this attack," it added.
"The company's board of directors can confirm that the company has more than sufficient working capital to ensure that this isolated matter will not impact the company's ability to perform its ongoing operations."
Zephyr Energy attack: What happened?
There's no information on how the attack actually took place, but it has all the hallmarks of a business email compromise (BEC) incident.
Via phishing campaigns, hackers typically gain access to email inboxes or accounting systems, which enables them to change bank details during payment or invoice processing, in what's known as an adversary-in-the-middle (AiTM) attack.
Earlier this year, Microsoft warned that AiTM campaigns targeting cloud collaboration platforms such as Microsoft SharePoint and OneDrive were on the rise.
The tech giant specifically highlighted energy companies among those at highest risk of targeting.
At the time, Microsoft’s Defender Research Team said attackers were abusing SharePoint file sharing services to deliver phishing payloads, and had succeeded in compromising a number of accounts.
In terms of mitigation, because the attacker holds a valid sign-in session, a password reset alone does not end the intrusion. The company outlined a series of steps that organizations should take to mitigate risks, including:
- Using conditional access policies, especially risk-based access policies
- Implementing continuous access evaluation
- Investing in advanced anti-phishing solutions
- Continuous monitoring for suspicious or anomalous activities
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.