skip to Main Content

Cybercrime, the Renewable Energy sector targeted by an APT

The Renewable Energy sector has been targeted by an APT. The cybersecurity researcher Will Bushido discovered a cyber espionage campaign aimed to steal credential from at least 15 companies worldwide

Renewable energy and industrial technology organizations are under attack by an APT. It has been discovered by the cybersecurity researcher Will Bushido. According to Bleeping Computer, it was a large-scale cyber-espionage campaign active since at least 2019 and targeting over 15 firms worldwide. The cybercrime actors exploited a custom ‘Mail Box’ toolkit, an unsophisticated phishing package deployed on the actors’ infrastructure, as well as legitimate websites compromised to host phishing pages. The goal is to steal the login credentials. Bushido couldn’t attribute the campaign to any specific threat actor, but evidence points to two clusters of activity, one from APT28 (aka FancyBear, Russia) and the other from Konni (aka APT37, North Korea). Howerver, the researcher noticed a small cluster of activity from 2019 linked to the same infrastructure targeting multiple Bulgarian banks.

Back To Top