Cyber Incident Victim: Empresa Nacional del Petróleo (ENAP)
Date: Feb 2021
Location: Chile
Summary
ENAP, a Chilean state-owned oil company, was targeted in a business email compromise (BEC) attack by the SilverTerrier cybercrime group, which impersonated a supplier to request fraudulent bank account changes. The company processed the transfer, but financial losses were prevented when the bank flagged inconsistencies in the recipient details. Subsequently, attackers compromised ENAP's systems to send spam emails from a director's account, distributing malicious links to external recipients. The group, known for targeting technology and manufacturing sectors since 2014, had law enforcement agencies across multiple continents actively pursuing its members. While the organization avoided monetary harm due to banking safeguards, the incident revealed both financial fraud attempts and unauthorized system access.
Description
In February 2021, Empresa Nacional del Petróleo (ENAP), Chile's state-owned oil company under the Ministry of Energy, was targeted by the Nigerian cybercrime group SilverTerrier in a business email compromise (BEC) attack. The attackers impersonated a legitimate supplier and requested a change to their bank account information. ENAP processed the fraudulent request and initiated a funds transfer to the specified account. The transaction was ultimately blocked when the receiving bank identified discrepancies between the recipient's name and the account details, preventing financial loss.

Following this initial attempt, SilverTerrier escalated their intrusion by compromising ENAP's information systems. Between February 3 and March 11, 2021, attackers sent 32 malicious emails from the compromised mailbox of ENAP's director of crude purchases and trading. These emails, distributed to multiple recipients across domains linked to the fraud campaign, contained links to a spoofed website falsely claiming to host a voice message from the director. The emails were flagged as spam during internal monitoring.

SilverTerrier, active since 2014, has historically targeted technology, manufacturing, and higher education sectors globally. International law enforcement agencies across four continents collaborated to investigate the group, resulting in multiple arrests by Nigerian authorities. In January 2021, Nigerian police arrested 11 individuals suspected of ties to SilverTerrier, followed by the May 2021 arrest of a high-ranking member. The group is estimated to have attempted fraud against over 50,000 potential victims. While ENAP avoided monetary losses due to the bank's intervention, the incident exposed vulnerabilities in its email and financial authorization processes. No additional technical details about the system intrusion, containment measures, or long-term operational impacts on ENAP were disclosed in available reporting.
