A large-scale cyber-espionage campaign primarily targeting renewable energy and industrial technology organizations has been discovered. It has been active since at least 2019 and has targeted over fifteen entities worldwide.
The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source intelligence) techniques like DNS scans and public sandbox submissions. Thomas’ analysis revealed that the attacker uses a custom ‘Mail Box’ toolkit, an unsophisticated phishing package deployed on the actors’ infrastructure, as well as legitimate websites compromised to host phishing pages.
Source: Bleeping Computer