Cyber espionage campaign targets renewable energy companies


A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations has been discovered to be active since at least 2019, targeting over fifteen entities worldwide.

The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source intelligence) techniques like DNS scans and public sandbox submissions. Thomas' analysis revealed that the attacker uses a custom 'Mail Box' toolkit, an unsophisticated phishing package deployed on the actors' infrastructure, as well as legitimate websites compromised to host phishing pages. [...]
The phishing campaign's goal is to steal the login credentials of those working for renewable energy firms, environmental protection organizations, and industrial technology in general.
Examples of organizations targeted by the phishing attacks include:
  • Schneider Electric
  • Honeywell
  • Huawei
  • HiSilicon
  • Telekom Romania
  • University of Wisconsin
  • California State University
  • Utah State University
  • Kardzhali Hydroelectric Power Station (Bulgaria)
  • CEZ Electro (Bulgaria)
  • California Air Resources Board
  • Morris County Municipal Utilities Authority
  • Taiwan Forestry Research Institute
  • Carbon Disclosure Program
  • Sorema (Italian recycling firm)