
Cyberespionage targets renewable energy

Various organizations in the renewable energy industry have suffered a cyberespionage attack campaign in the last three years

Large-scale cyberespionage, used on numerous occasions to breach the cybersecurity of organizations and obtain their critical data, has not spared the renewable energy industry, which, according to Bleeping Computer, has been the target of a large-scale attack campaign over the last three years. According to the same outlet, up to fifteen recognizable entities around the world have suffered impacts of varying severity at the hands of professional hackers.

The attack campaign, orchestrated with the objective of stealing the access credentials of employees at these renewable energy companies in order to reach the desired information, has been run from the domains “*.eu3[.]biz”, “*.eu3[.]org” and “*.eu5[.]net”, using phishing techniques that rely on compromised websites under Brazilian domains. The wave was discovered by security researcher William Thomas, a member of the Curated Intelligence trust group, through the application of OSINT (open source intelligence) techniques such as DNS scans and public sandbox submissions.

These analyses revealed that the cyberespionage attacks, whose exact impact on the renewable energy industry is still unknown, were carried out with unsophisticated but effective phishing tooling such as the “Mail box” custom toolkit, combined with the aforementioned compromised legitimate websites used to host the phishing pages. Furthermore, although Thomas cannot attribute the campaign to a specific actor, the evidence he obtained points to two main clusters of activity: one linked to APT28 (FancyBear) and another to Konni (based in North Korea).
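Defenders can turn the published domain patterns into a simple retrospective hunt over their own proxy or DNS logs. The script below is an added example, not code from Ikusi, Cisco, or the researcher cited above: it refangs the three defanged indicators from the article, then flags every request whose host is one of those domains or a subdomain of them, while rejecting look-alike hosts that merely contain the string (for example a decoy such as `eu3.biz.example.org`). The squid-style log format, the field layout and the sample lines are constructed for illustration; the only values taken from the page are the three domain patterns.

```python
"""
Hunt proxy/DNS logs for hosts under the phishing domains reported in the
campaign described above (*.eu3[.]biz, *.eu3[.]org, *.eu5[.]net).
Added example; the log format and sample lines below are constructed.
"""
import re
from urllib.parse import urlsplit

# Indicators exactly as published, in defanged form ("[.]" keeps them non-clickable).
DEFANGED_INDICATORS = ["*.eu3[.]biz", "*.eu3[.]org", "*.eu5[.]net"]


def refang(indicator: str) -> str:
    """Turn a defanged indicator into a matchable domain suffix.

    '*.eu3[.]biz' -> 'eu3.biz'. The leading '*.' wildcard is dropped because
    subdomain matching is handled by host_matches() below.
    """
    domain = indicator.replace("[.]", ".").replace("hxxp", "http")
    if domain.startswith("*."):
        domain = domain[2:]
    return domain.lower().rstrip(".")


def host_matches(host: str, suffix: str) -> bool:
    """True if host is the suffix itself or any subdomain of it.

    'login.eu3.biz' matches 'eu3.biz'; 'eu3.biz.example.org' does not,
    which avoids false positives on look-alike or decoy hosts.
    """
    host = host.lower().rstrip(".")
    return host == suffix or host.endswith("." + suffix)


# Constructed squid-style access log lines (not real traffic):
# "<epoch> <elapsed_ms> <client_ip> <result/status> <bytes> <method> <url>"
SAMPLE_PROXY_LOG = """\
1660000001.123 45 10.0.0.21 TCP_MISS/200 512 GET https://login.eu3.biz/owa/auth.php
1660000002.456 30 10.0.0.22 TCP_MISS/200 8192 GET https://www.example.com/news
1660000003.789 12 10.0.0.23 TCP_MISS/200 640 POST http://mail.portal.eu5.net/submit
1660000004.000 20 10.0.0.24 TCP_MISS/200 300 GET https://eu3.biz.example.org/decoy
1660000005.321 18 10.0.0.25 TCP_MISS/302 200 GET https://secure.eu3.org/
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<client>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)$"
)


def find_hits(log_text: str, indicators=DEFANGED_INDICATORS):
    """Return one record per log line whose request host falls under an indicator."""
    suffixes = [refang(i) for i in indicators]
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        host = urlsplit(m.group("url")).hostname or ""
        for suffix in suffixes:
            if host_matches(host, suffix):
                hits.append(
                    {
                        "ts": m.group("ts"),
                        "client": m.group("client"),
                        "host": host,
                        "indicator": suffix,
                    }
                )
                break
    return hits


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_PROXY_LOG):
        print(f"{hit['ts']} {hit['client']} -> {hit['host']} (matches {hit['indicator']})")
```

Run as-is, it reports the three constructed requests to `login.eu3.biz`, `mail.portal.eu5.net` and `secure.eu3.org` and ignores the decoy host. Because matching is done on the domain suffix rather than on the full URL, the same `host_matches()` check can be applied to DNS query logs, where only the queried name is available; a hit is a lead for credential-reset and mailbox review on the affected client, not proof of compromise by itself.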

How does cybersecurity protect against cyberespionage attacks?

Preventing cyberattacks requires the right tools for a robust security posture. Digitalization, with the data exposure it brings, and new work models, with many connections arriving from unknown networks, mean that the security systems we have relied on until now are no longer sufficient.

Therefore, today, the data-digitalization pair must gain a third leg: cybersecurity, which involves deploying advanced solutions that guarantee the security of both IT teams and the teams responsible for operational processes. And this applies to any sector.

Ikusi’s cybersecurity solution monitors web traffic, combining security and control mechanisms applied to web browsing, email, and cloud applications (SaaS) to reduce the risks derived from the use of these platforms and to protect the organization and its customers. The company, with more than 50 years of experience in the sector, offers a demo of this protection, which applies threat intelligence to fight attacks on multiple fronts.

This cybersecurity solution inspects traffic, applies policies that restrict access to unauthorized or risky websites, and blocks the reception of unwanted emails (SPAM) and emails carrying malicious attachments. Additionally, it detects risks and anomalies in the behavior of common SaaS applications, such as logins from unauthorized locations or the sending of confidential or sensitive information outside the organization.

This solution is based on the combined application of best-in-class tools, such as Cisco Secure Email, which blocks ransomware delivered via spam and phishing emails; Cisco Umbrella, improving security visibility and detecting compromised systems; Cisco Secure Endpoint, protecting against endpoint ransomware; Cisco SecureX, which radically reduces dwell time and human-intensive tasks; Cisco Secure Access by Duo, which prevents adversaries from using stolen credentials to establish a foothold; and Cisco Secure Network Analytics, which provides agentless network problem detection and network traffic monitoring.