Security News > 2022 > January > Cyber espionage campaign targets renewable energy companies
A large-scale cyber-espionage campaign targeting primarily renewable energy and industrial technology organizations have been discovered to be active since at least 2019, targeting over fifteen entities worldwide.
The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT techniques like DNS scans and public sandbox submissions.
The phishing campaign's goal is to steal the login credentials of those working for renewable energy firms, environmental protection organizations, and industrial technology in general.
Thomas couldn't attribute this campaign to any specific actors, but evidence points to two clusters of activity, one from APT28 and one from Konni.
"Konni" used Zetta Hosting Solution domains in the Diplomat-targeting campaign uncovered by Cluster25, and also in a T406 campaign analyzed by Proofpoint.
APT28 is a Russian group linked to the state, and Bulgaria is known to import significant amounts of Russian natural gas, so the link between this campaign and the particular actors has a logical basis, even if it's not proven at this point.