“Power Parasites” Phishing Attack Hits Energy Sector and Leading Brands

A sophisticated phishing and scam campaign dubbed “Power Parasites” has been actively targeting the global energy sector and various leading international brands, Silent Push Threat Analysts confirmed this week.

The operation exploits the branding and digital presences of major energy firms, including Siemens Energy, Schneider Electric, EDF Energy, Repsol S.A., and Suncor Energy, alongside other global names such as Starlink, Netflix, Ducati Motorcycle, and Air France.

Primarily leveraging deceptive websites, social media, and Telegram channels, the campaign seeks to ensnare victims, particularly in Asian markets including Bangladesh, Nepal, and India, through fraudulent job offers and pyramid investment schemes.

Threat Campaign Exploits Major Energy Companies’ Brands

Siemens Energy was among the first to issue public warnings in 2024, highlighting a surge in fraudulent activities that abused its name on various online platforms.

The company clarified it neither operates investment platforms nor requests sensitive banking details or payments throughout its hiring process.

Despite these efforts, the “Power Parasites” actors continued their onslaught, expanding their infrastructural footprint across more than 150 domains over the past year, each carefully crafted to impersonate legitimate business landing pages.

Repsol S.A. and Suncor Energy have also taken proactive measures, issuing alerts to customers and job seekers regarding impersonation scams.

Repsol’s fraud advisory highlights the misuse of AI-driven messages to simulate official communications, particularly targeting individuals through unofficial channels and platforms.

Screenshot of a Repsol phishing website repsolhub[.]buzz

Suncor Energy’s warnings echo these sentiments, emphasizing their strict policy against soliciting payments or excessive personal data from applicants.

Technical analysis by Silent Push revealed that the attackers orchestrate their scams using domains that feature login pages with “invite code” fields.

This obfuscation technique serves to deter casual scrutiny by cybersecurity defenders, complicating efforts to track the scope and evolution of the campaign.

Additionally, the attackers have leveraged user-generated content platforms such as YouTube to circulate lures, promoting their fraudulent investment platforms with promises of easy earnings that are particularly resonant in local languages in regions like Bangladesh and India.

Deceptive Infrastructure Targets Victims Across Asia

Central to the campaign’s technical infrastructure is the use of domain names mimicking energy industry terminology and branding, including permutations of “SE” (Siemens Energy), “AMD” (Advanced Micro Devices), and other relevant sector-specific keywords like “biz,” “hub,” and “renewables.”

The attackers’ infrastructure shows rapid evolution and creative domain proliferation, facilitating continuous pivots and broadening the campaign’s reach.
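
For defenders, the naming pattern described above (a brand abbreviation combined with a sector keyword) can be turned into a triage filter over a feed of newly observed domains. The following Python is an added example, not code from Silent Push or from the article; the allowlist, the feed and the `.example` domains are constructed assumptions, and only repsolhub[.]buzz appears in the article.

```python
import re

# Tokens named in the article; extend with the brands you protect.
BRAND_TOKENS = {"se", "amd", "repsol"}
SECTOR_KEYWORDS = {"biz", "hub", "renewables"}
VOCAB = BRAND_TOKENS | SECTOR_KEYWORDS
# Assumption: the brand owner's own domains, never to be flagged.
OFFICIAL_DOMAINS = {"repsol.com"}


def refang(domain):
    """Normalise a defanged or mixed-case domain from a feed."""
    return domain.strip().lower().replace("[.]", ".").rstrip(".")


def segment(chunk):
    """Return vocabulary tokens only if they cover the WHOLE chunk, else None."""
    if not chunk:
        return []
    for i in range(len(chunk), 0, -1):  # longest prefix first
        if chunk[:i] in VOCAB:
            rest = segment(chunk[i:])
            if rest is not None:
                return [chunk[:i]] + rest
    return None  # e.g. "house": short token "se" must not fire inside words


def score_domain(domain):
    """Return (brand_hits, keyword_hits) for one candidate domain."""
    domain = refang(domain)
    if any(domain == d or domain.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return set(), set()
    tokens = []
    for label in domain.split(".")[:-1]:  # assumption: last label is the TLD
        for chunk in re.split(r"[^a-z]+", label):  # hyphens, digits split chunks
            tokens += segment(chunk) or []
    return BRAND_TOKENS & set(tokens), SECTOR_KEYWORDS & set(tokens)


def is_suspect(domain):
    """Flag only a brand token combined with a sector keyword."""
    brands, keywords = score_domain(domain)
    return bool(brands and keywords)


# Constructed feed; only repsolhub[.]buzz comes from the article.
FEED = ["repsolhub[.]buzz", "se-renewables.example", "amdbiz88.example",
        "houserenewables.example", "careers.repsol.com", "hub.example"]
SUSPECTS = [d for d in FEED if is_suspect(d)]
```

Matches are leads for analyst review rather than verdicts, and whole-token matching will miss names that embed words outside the vocabulary.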

Notably, the campaign is not restricted to phishing for credentials; it extends to elaborate financial scams, including “employment agreements” that request sensitive data such as bank account numbers, IFSC codes, personal identification, and voided cheques under the pretense of formal hiring processes.

Screenshot of an LG Energy phishing page

These advanced social engineering tactics further blur the line between digital deception and real-world impact.

Beyond the energy sector, the attackers have adopted a spray-and-pray approach, opportunistically spoofing well-known consumer and industrial brands to cast the widest possible net.

This multi-pronged strategy has yielded a sprawling network of fraudulent sites and channels, each reinforcing the others’ legitimacy and complicating takedown efforts for security researchers.

While authorities such as the UK’s Financial Conduct Authority have issued specific warnings, most notably against the “Repsol Gain” scam site, ongoing research suggests that multiple threat groups may be exploiting similar techniques and infrastructure, amplifying the complexity and persistence of the threat.

Silent Push Threat Analysts continue to monitor the campaign’s domain infrastructure and variant templates, stressing the need for vigilant public education and proactive brand protection measures across the energy and technology sectors.


Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.
