At least three US oil companies were victims of highly targeted, email-borne
attacks designed to siphon valuable data from their corporate networks and send
it abroad, according to a published report citing unnamed people and government
documents.
The attacks against Marathon Oil, ExxonMobil, and ConocoPhillips began with
emails sent to senior executives that included links to booby-trapped websites,
according to the report in The Christian Science Monitor. The breaches focused
on the companies' proprietary "bid data" detailing the quantity, value, and
location of petroleum discoveries worldwide. The report said at least some of
the attacks appeared to originate in China, but didn't provide proof beyond the
existence of servers located in that country used to store some of the stolen
data.