2013 Press Release

Anonymous Hacker Group Plans Targeted Attack on Oil Industry

Trend Micro Urges Enterprises to Embrace Advanced Threat Detection Security Solutions

[Taipei, 20 June, 2013] – Leading global security company Trend Micro Incorporated (TYO:4704) has documented anomalous malicious activity that indicates the hacktivist group Anonymous has launched its attacks on the oil industry – June 20, 2013.

Anonymous claim that they intend to launch a series of attacks on the world’s oil industry, under the operation codename #OpPetrol, as a response to the fact that oil is traded in US dollars instead of the currency of the country where it was harvested. While June 20th is the day on which most attacks are expected to occur and be made public, the group has been mobilising since last month.

According to Anonymous, approximately 1,000 websites, 35,000 email credentials, and more than 100,000 Facebook accounts have been compromised as a part of the #OpPetrol operation. In addition, Trend Micro has found that compromised systems (botnets) are already hitting websites of the intended targets, possibly as part of a distributed denial-of-service (DDoS) attack.

The particular malware being used to direct infected systems to attack the intended targets is a backdoor trojan known as CYCBOT, which allows attackers unauthorized access to and control of an affected computer. After a computer is infected, the trojan connects to specific remote servers, also known as Command & Control (C&C) servers, to receive commands from attackers. The trojan allows attackers to perform backdoor functions such as launching a DDoS attack or retrieving information from the infected computer. Most importantly, the trojan can disable security-related processes that are running on the system.

Trend Micro researchers have found that a significant number of government websites in Kuwait, Qatar, and Saudi Arabia – sites that were in the #OpPetrol target list – have already gone offline. Trend Micro recommends that organizations partner with their local telecommunication service providers to monitor and mitigate DDoS attacks, and look for any sign of a breach or network compromise by monitoring for C&C communications inside their network.

“The IT threat landscape has evolved – cyber-attacks are now targeted, customized and persistent,” according to Richard Sheng, Sr. Director of Enterprise Security, Trend Micro Asia Pacific. “While hacktivists make announcements of their attack campaigns, most cyber-crime and espionage go undetected by conventional security controls such as firewall, antivirus or intrusion detection systems. Organizations need to assume they will be compromised, and redefine their IT security with that mental model.”

Gaps and Challenges with Conventional Security Controls

  • Traditional perimeter security defenses are insufficient. Coupled with social engineering techniques, spear-phishing attacks are penetrating perimeters and injecting backdoor trojans inside your network.
  • Signature-based anti-virus solutions are useless against customized malware that is tested before being put into action.
  • Exploitation of known or zero-day system vulnerabilities will continue, as attackers bet on the fact that organizations can’t patch systems fast enough.
  • Once inside your network, backdoor agents evade detection, steal credentials, establish additional footholds, and perform network reconnaissance to locate assets of interest.

Best Practices Against Targeted Cyber Attacks

Under the assumption that we will be compromised, organizations must improve detection capabilities that provide visibility of a breach, and establish an incident response process/plan that can quickly mitigate and minimize the impact.

  • People:
    • Educate employees about the risk of sharing too much information on social networking and how it relates to spear-phishing attack tactics
    • Improve forensic and threat analysis capability within the IT security team
  • Process:
    • Remove administrative privileges for most end-users
    • Shut down vulnerabilities early
    • Establish incident response plan and team
    • Centralize monitoring of security events and logs
  • Technology:
    • Detect & block spear-phishing attempts at the perimeter
    • Increase visibility of C&C communication on the network
    • Add vulnerability shielding capability to mission critical systems to
    • Employ customizable sand-boxing capability to analyze zero-day customized malware
    • Monitor critical systems for unauthorized changes with file integrity monitoring

Trend Micro Deep Discovery provides visibility, insight, and control over networks to defend against targeted threats. Deep Discovery uniquely detects and identifies evasive threats in real-time and provides customizable sandbox analysis and actionable intelligence to prevent, discover, and reduce risks.

For further information on this threat, please see the following Trend Micro blog posts:
Anonymous’ #OpPetrol: What is it, What to Expect, Why Care?
Anonymous’ #OpPetrol: Leading into June 20

To learn about targeted attacks and recommendations for corporate IT, please see:

To learn about Trend Micro, please visit:

About Trend Micro

Trend Micro Incorporated (TYO: 4704;TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro Smart Protection Network cloud computing security infrastructure, our products and services stop threats where they emerge – from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.

Additional information about Trend Micro Incorporated and its products and services are available at Trend This Trend Micro news release and other announcements are available at and as part of an RSS feed at Or follow our news on Twitter at @TrendMicro.