Inside the 2025 Energy Phishing Wave: Chevron, Conoco, PBF, Phillips 66

Sept. 12, 2025, 8:46 a.m.

Description

In 2025, a significant surge in phishing attacks targeting major U.S. energy companies was observed. The campaign primarily focused on Chevron, ConocoPhillips, PBF Energy, and Phillips 66, utilizing sophisticated impersonation techniques. Attackers employed HTTrack-based cloning to replicate legitimate websites, creating over 1,465 phishing domains. The infrastructure was distributed across multiple hosting providers and countries to evade takedowns. Notably, Chevron faced the highest volume of impersonation attempts with 158 fake domains. The phishing sites combined credential harvesting with investment scam frameworks, enhancing their profitability. Many malicious domains showed low detection rates across security vendors, exposing gaps in current defense systems. The analysis highlights the need for improved threat intelligence integration and faster mitigation strategies in the energy sector.

External References

https://hunt.io/blog/us-energy-phishing-wave-report
https://otx.alienvault.com/pulse/68c37a4f61a4eeb53a76aef0
Tags
phishing
rhadamanthys
credential harvesting
domain impersonation
investment scams
2025-09-12
energy sector
httrack
keitaro
website cloning
brand abuse

Date

  • Created: Sept. 12, 2025, 1:41 a.m.
  • Published: Sept. 12, 2025, 1:41 a.m.
  • Modified: Sept. 12, 2025, 8:46 a.m.

Indicators

  • 68.65.122.142
  • 68.65.122.139
  • 68.65.122.141
  • 198.187.29.69
  • 66.29.153.204
  • 162.0.232.186
  • 68.65.122.137
  • www.humanenergy-company.com.cargoxpressdelivery.com
  • www.pbfenergy.com
  • www.humanenergy-company.com
  • wwwmyphillips66card.com
  • https://www.pbfenergy.com/
  • https://phillips66lubricants.ru/
  • https://phillips66-carros.site/.
  • https://phillips66-carros.site/
  • https://investors.pbfenergy.com/
  • https://conocophils.com/register
  • http://phillips66shop.com/
  • http://pbfenergy.cc/.
  • http://pbfenergy.cc/
  • http://conocophils.com/operations/index.html
  • http://conocophils.com/index.html
  • http://conocophillips.live/app/index.html
  • http://conocophillips.live/
  • http://chevroncorpstocks.com/
  • http://cclresources.com/
  • investors.pbfenergy.com
  • humanenergy-company.com.cargoxpressdelivery.com
  • conoco-2024.dev.fastspot.com
  • xn--conocopillips-2z0g.com
  • phillips66shop.com
  • phillips66lubricants.ru
  • phillips66-carros.site
  • pbfenergy.cc
  • orangeoffers.click
  • humanenergy-company.com
  • conocophils.com
  • conocophillips.live
  • chevroncvxstocks.com
  • cclresources.com
  • chevroncorpstocks.com
  • advancedownloads.com
  • malware.name
Download all indicators here!

Attack Patterns

  • Keitaro
  • Rhadamanthys

Additional Informations

  • Energy
  • United States of America