Showing posts from January, 2022

Tracking A Renewable Energy Intelligence Gathering Campaign

For my first research blog of 2022, I analysed a suspected intelligence gathering campaign targeting renewable energy and industrial technology organisations, with a particular focus on Bulgaria. This long-running espionage campaign leveraged multiple credential harvesting pages to target the email accounts of employees at a number of organisations between 2019 and 2022, and it is ongoing in 2022. The attackers use the same 'Mail Box' phishing kit and host many of the pages on their own infrastructure, supplemented by compromising some legitimate websites. This research was conducted using OSINT techniques such as querying public sandbox submissions and passive DNS scan results. From this, up to 40 individuals at target organisations from a variety of sectors were identified, but there was a focus on a few sectors such as renewable energy, environmental protection organisations, and industrial technology. This research, using OSINT alone, is unable to acquire the full story, but hopefully can paint a p