Hackers Use Microsoft Tool To Infiltrate Oil and Gas Infrastructure - 1

Image by Danny Burke, from Unsplash

Hackers Use Microsoft Tool To Infiltrate Oil and Gas Infrastructure

  • Written by Kiara Fabbri Former Tech News Writer
  • Fact-Checked by Sarah Frazier Former Content Manager

Researchers uncovered a stealthy malware campaign that attacks energy systems through Microsoft ClickOnce cloud obfuscation and the powerful backdoor known as RunnerBeacon

In a rush? Here are the quick facts:

  • OneClik targets energy, oil, and gas industries through phishing and malware.
  • Malware hides in Microsoft ClickOnce to bypass user alerts.
  • RunnerBeacon backdoor uses Amazon cloud to evade detection.

The Trellix research team identified a new cyberattack named “OneClik” which uses sophisticated methods to infiltrate energy and oil and gas companies’ security systems.

The attackers use phishing emails to deliver attacks which use the Microsoft ClickOnce application to deceive users into installing harmful software through a fake hardware analysis tool.

The victim opens the link which triggers the download of a fake tool before ‘‘dfsvc.exe’’ runs it. The legitimate Windows process accepts hidden malware through advanced programming techniques.

The researchers note that the RunnerBeacon, written in the Go programming language, is highly advanced. Indeed, it can run commands, steal files, take over network traffic, and even hide from investigators using anti-debugging tools and system checks.

The researchers report that the malware evolves across three versions, with each new one improving its ability to avoid detection, including scanning for whether it’s running in a secure virtual environment.

Additionally, the “living off the land” approach enables evasive capabilities by integrating into daily digital activities which makes detection more challenging.

Researchers say they cannot confirm the identity behind OneClik, however, the cyber operation demonstrates a prolonged sophisticated strategy that targets critical infrastructure systems.

Hawaiian Airlines Announces It Was Hit By Cyberattack - 2

Photo by Josh Withers on Unsplash

Hawaiian Airlines Announces It Was Hit By Cyberattack

  • Written by Andrea Miliani Former Tech News Expert
  • Fact-Checked by Sarah Frazier Former Content Manager

Hawaiian Airlines announced on Thursday that its IT systems had been hit by a cyberattack. Despite the disruption, the company confirmed that flights were operating as scheduled.

In a rush? Here are the quick facts:

  • Hawaiian Airlines announced that its IT systems had been hit by a cyberattack, but that flights are operating normally.
  • The company didn’t provide details of the attack, but assured that its security team is working with authorities and experts to solve the incident.
  • The carrier serves around 10 million passengers every year.

According to the official statement shared by the airline, its security team had been addressing the incident throughout the day and explained that more updates would be provided soon.

“Hawaiian Airlines is addressing a cybersecurity event that has affected some of our IT systems,” states the document. “We have taken steps to safeguard our operations, and our flights are operating safely and as scheduled.”

The American carrier didn’t provide more details of the attack and explained it has been working with authorities and experts to restore its IT systems.

“Upon learning of this incident, we engaged the appropriate authorities and experts to assist in our investigation and remediation efforts,” states the report. “We are currently working toward an orderly restoration and will provide updates as more information is available.”

Hawaiian Airlines is addressing a cybersecurity event that has affected some of our IT systems. Our highest priority is the safety and security of our guests and employees. Flights are operating safely. We will share updates as available. — Hawaiian Airlines (@HawaiianAir) June 26, 2025

According to Cybernews , the Federal Aviation Administration (FAA) said it was “monitoring the situation” with the airline, which serves around 10 million passengers every year.

Hawaiian Airlines has not disclosed which systems have been impacted, but Cybernews reports that a ransomware attack is likely. The cybersecurity site verified that the carrier’s website and app work normally.

According to KHON2 News, Hawaiian Airlines customers got a notification warning about the IT system disruption. Experts say that clients’ credit card details “should be safe” as most companies use encryption technology.

In recent days, other airlines have also been targeted by cyberattacks. Last week, hackers breached the internal systems and app of WestJet , Canada’s second-largest airline.