Inside the 2025 Energy Phishing Wave: Chevron, Conoco, PBF, Phillips 66

Published 12/09/2025 01:41 · Modified 12/09/2025 08:46

Essential information

Tags
2025-09-12, brand abuse, credential harvesting, domain impersonation, energy sector, httrack, investment scams, keitaro, phishing, rhadamanthys, website cloning
Related entities
43 observables, 2 malware, 2 others

Description

In 2025, a significant surge in attacks targeting major U.S. energy companies was observed. The campaign primarily focused on Chevron, ConocoPhillips, PBF Energy, and Phillips 66, utilizing sophisticated impersonation techniques. Attackers employed -based cloning to replicate legitimate websites, creating over 1,465 domains. The infrastructure was distributed across multiple hosting providers and countries to evade takedowns. Notably, Chevron faced the highest volume of impersonation attempts with 158 fake domains. The sites combined with investment scam frameworks, enhancing their profitability. Many malicious domains showed low detection rates across security vendors, exposing gaps in current defense systems. The analysis highlights the need for improved threat intelligence integration and faster mitigation strategies in the .

External references