Zephyr Energy loses £700K in cyber hit that rerouted contractor payment

Zephyr Energy loses £700K to contractor payment fraud • The Register Cyber-crime 1 Zephyr Energy loses £700K in cyber hit that rerouted contractor payment 1 Attackers slipped into the process and redirected funds, leaving the company scrambling to recover the cash Carly Page Thu 9 Apr 2026 // 11:32 UTC UK-listed oil and gas outfit Zephyr Energy plc has admitted a cyber incident siphoned off roughly £700,000 after a single payment to a contractor was quietly redirected to an attacker-controlled account. The company, a technology-led oil and gas firm focused on developing assets in the US Rocky Mountain region, said on Thursday that one of its American subsidiaries was targeted in what it described as a "highly sophisticated" attack. The result was the diversion of funds during what should have been a routine payment process, with the cash ending up in a third-party account before anyone realized something was off. Zephyr isn't saying how the attackers pulled it off, but the outline is familiar: a legitimate payment, stealthily rerouted so the money ends up somewhere else entirely. The London-headquartered biz says it moved quickly once the issue was spotted, notifying law enforcement and working with banks and external consultants to try to claw the money back. Whether any of that £700K makes a return trip remains unanswered as these cases tend to become a race against time once funds start hopping between accounts. Criminal wannabes even more dangerous than the pros, says ex-FBI cyber chief Iran cyber actors disrupting US water, energy facilities, FBI warns Jaguar Land Rover's cyber bailout sets worrying precedent, watchdog warns Flaw in UK's corporate registry let directors rummage through rival records Zephyr is also drawing a fairly clear boundary around what this incident is and what it isn't. The company says its systems have been reviewed by external consultants, the issue has been contained, and day-to-day operations have not been disrupted. There is, however, the usual nod to "industry standard practices," followed by the promise that extra layers of security have now been added. What those layers look like has not been disclosed, but in cases like this, they often boil down to tighter payment verification, stronger controls around supplier bank detail changes, and a renewed appreciation for picking up the phone before sending large sums of money into the void. For investors, Zephyr is at pains to underline that this is a contained hit. The board says the company has more than enough working capital to absorb the loss without affecting ongoing operations. Still, it's a pricey reminder that in 2026, you don't need to break into a network to make off with the cash. Sometimes it's enough to wait for finance to hit "send." ® Share More about Cybercrime More like these × More about Cybercrime Narrower topics NCSC Broader topics Security More about Share 1 COMMENTS More about Cybercrime More like these × More about Cybercrime Narrower topics NCSC Broader topics Security TIP US OFF Send us news Other stories you might like World's smallest violin spotted at Amazon HQ as exec pay packets deflate C-suite forced to take sandwiches into work, cycle home CxO 9 Apr 2026 | AWS: Agents shouldn't be secret, so we built a registry for them Your agent will be pushed, filed, stamped, indexed, briefed, debriefed, and numbered AI + ML 9 Apr 2026 | 'Several dozen' high-value corporations hit by new extortion crew in helpdesk phishing spree Possible link to Mr. Raccoon's claimed Adobe break-in Cyber-crime 9 Apr 2026 | How JumpCloud unifies IT management to tame shadow AI Identity is the secret to ensuring enterprise network visibility in a world of shadow AI Sponsored Feature Deere oh Deere: Tractor repair row heads for $99M settlement FTC lawsuit lingers, while encouraging signs point to Iowa bill succeeding too On-Prem 9 Apr 2026 | 2 Spark creator bags computing gong for making big data a little bit smaller ACM salutes Databricks co-founder Matei Zaharia with $250K prize Software 9 Apr 2026 | Nutanix to add KubeVirt support to run VMs on K8s at the edge Exclusive Arm support is on the agenda, too, because AI is going to run on everything Virtualization 9 Apr 2026 | Chevin pulls the handbrake on FleetWave software after security scare UK and US customers stuck waiting after fleet management SaaS vendor took affected environments offline Security 9 Apr 2026 | OpenAI puts Stargate UK on ice, blames energy costs and red tape Sam Altman's datacenter dreams hit a wall of watts and wonkery, cooling Britain's AI ambitions On-Prem 9 Apr 2026 | 9 Months-old Adobe Reader zero-day uses PDFs to size up targets Malicious PDFs abuse legit features to harvest system data and decide which victims get a 2nd-stage payload Cyber-crime 9 Apr 2026 | 7 Microsoft locks out VeraCrypt and WireGuard devs, blames verification process No emails, no warnings, no humans – just bots, catch-22s, and a 60-day appeals queue Security 9 Apr 2026 | 18 Peace President's Iran war piles more pain on already battered PC market Memory costs were already through the roof - now freight's spiking too, and budget systems face extinction Personal Tech 9 Apr 2026 | 22