“Power Parasites” Phishing Campaign Targets Energy Firms and Major Brands

Silent Push Threat Analysts have uncovered a widespread phishing and scam operation dubbed “Power Parasites,” targeting prominent energy companies and major global brands across multiple sectors in 2024.

This campaign, active primarily in Asian countries such as Bangladesh, Nepal, and India, leverages a sophisticated network of deceptive websites, social media platforms, and Telegram channels to perpetrate job and investment fraud.

By impersonating trusted entities like Siemens Energy, Schneider Electric, Repsol S.A., Suncor Energy, and even non-energy brands like Netflix and Starlink, the threat actors behind Power Parasites have orchestrated a multi-faceted attack aimed at exploiting unsuspecting individuals through financial phishing and fraudulent recruitment schemes.

Infrastructure Analysis Reveals Over 150 Active Domains

Technical investigations by Silent Push have mapped over 150 domains linked to the Power Parasites campaign in 2024, showcasing an intricate infrastructure designed for scalability and evasion.

Initial pivots into the campaign’s network began with domains such as sem-energy[.]net and se-renewables[.]info, which pointed to now-deleted Telegram channels and utilized naming conventions with keywords like “SE” (Siemens Energy) and “AMD” (Advanced Micro Devices).

These domains, coupled with HTML title reuse across languages including English, Arabic, and Bangla, indicate a templated approach to phishing pages, often featuring “Invite code” fields to restrict access and hinder defensive analysis.

Further analysis uncovered shared technical fingerprints, allowing researchers to expand their tracking into additional targets, including Repsol S.A. and LG Energy, as well as unexpected brands like Ducati Motorcycle and ABB Robotics.

This broad targeting highlights the campaign’s “spray and pray” methodology, where threat actors simultaneously abuse multiple brand identities to maximize victim outreach via platforms like YouTube, where promotional videos lure users to fraudulent sites.

The depth of this operation extends beyond simple phishing pages, as evidenced by fraudulent documents requesting sensitive information such as bank account numbers and void cheques under the guise of employment agreements.

Public warnings from affected companies, including Siemens Energy’s September 30, 2024, Facebook post disclaiming involvement in investment platforms, and Repsol’s fraud alert against AI-driven impersonations of executives, underscore the severity of the threat.

Additionally, a separate but related investment scam under the “Repsol Gain” moniker, flagged by the U.K. Financial Conduct Authority, suggests multiple threat actors may be exploiting the same brands with distinct templates and infrastructure, such as repsolgain[.]com, archived in historical data captures.

According to the Report, Silent Push’s ongoing research emphasizes the campaign’s active status into 2025, urging vigilance against these scams that often gate low-quality investment or job experiences behind deceptive login portals.

As the Power Parasites network continues to evolve, leveraging aggressive social media outreach and complex technical pivots, the need for robust cybersecurity measures and public awareness remains critical to mitigating the financial and personal damages inflicted by such malicious campaigns.

Find this News Interesting! Follow us on Google News, LinkedIn, & X to Get Instant Updates!