UK-listed Zephyr Energy plc admitted on Thursday that it has lost approximately £700,000 following a cyberattack. The incident involved a routine payment intended for a contractor being surreptitiously redirected to accounts controlled by attackers.
The London-based oil and gas company, which focuses on developing assets in the US Rockies, stated that one of its US subsidiaries was the target of a "highly sophisticated" attack. Attackers successfully infiltrated the payment process, diverting funds to third-party accounts before the anomaly could be detected.
While Zephyr Energy has not yet disclosed the specific mechanics of the hijack, the process involved the covert manipulation of legitimate payment instructions. The company took swift action upon discovering the breach and is currently cooperating with law enforcement, alongside banks and external advisors, in an attempt to recover the intercepted funds.
Fund Recovery and Security Enhancements
The company stated that external advisors have completed a system review, the security threat has been contained, and day-to-day operations remain unaffected. Zephyr Energy noted that additional layers of security have been implemented. Although specific details of these measures have not been released, such protocols typically involve more stringent payment verification and enhanced controls over changes to supplier banking details.
Addressing investors, the company's board emphasized that the loss will not impact its ongoing operations, explicitly stating that the company maintains sufficient working capital to absorb the impact.
