The campaign is the second one targeted at oil companies to be discovered by SecureWorks this year. In February, researchers at the firm discovered attackers using remote access tools similar to Mirage to target several oil companies in Vietnam. That campaign also targeted government agencies in several countries, an embassy, a nuclear safety agency and multiple business groups, according to SecureWorks.

The domains for three of the command and control (C&C) servers used to control Mirage and for several of the C&C servers used in the February campaign, appear to belong to the same individual or group of individuals, SecureWorks said.

Also noteworthy is the fact that the IP addresses for the command and control servers used for Mirage and in the February campaign belong to China's Beijing Province Network. The same network was also implicated in last year's attacks on security vendor RSA that resulted in the related to the company's SecurID two-factor authentication technology.

Command and control servers associated with the 2009 that targeted government computers in more than 100 companies also used IP addresses in the same network. The evidence suggests that the same group of people is behind the sweeping cyber espionage campaigns, SecureWorks researchers Joe Stewart said today.

The latest Mirage campaign has so far impacted companies in Canada, the Philippines, a military organization in Taiwan and several unidentified entities in Nigeria, Egypt, Brazil and Israel, Stewart said.