Cyber espionage campaign targets renewable energy companies

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,057
A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations have been discovered to be active since at least 2019, targeting over fifteen entities worldwide.

The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source intelligence) techniques like DNS scans and public sandbox submissions. Thomas' analysis revealed that the attacker uses a custom 'Mail Box' toolkit, an unsophisticated phishing package deployed on the actors' infrastructure, as well as legitimate websites compromised to host phishing pages. [...]
The phishing campaign's goal is to steal the login credentials of those working for renewable energy firms, environmental protection organizations, and industrial technology in general.
Examples of organizations targeted by the phishing attacks include:
  • Schneider Electric
  • Honeywell
  • Huawei
  • HiSilicon
  • Telekom Romania
  • University of Wisconsin
  • California State University
  • Utah State University
  • Kardzhali Hydroelectric Power Station (Bulgaria)
  • CEZ Electro (Bulgaria)
  • California Air Resources Board
  • Morris County Municipal Utilities Authority
  • Taiwan Forestry Research Institute
  • Carbon Disclosure Program
  • Sorema (Italian recycling firm)
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top