News Insights: Cyber espionage campaign targets renewable energy companies

A story in Bleeping Computer reveals that a large-scale cyber-espionage campaign is primarily targeting renewable energy and industrial technology organizations. The campaign has been active since at least 2019 and has targeted over fifteen entities worldwide.

News Insights:

According to Bryson Bort, CEO & Founder, SCYTHE, “This is similar to the targeted credential theft attack as seen in the breach of the Florida water plant in 2020. The underlying goal depends on the nation-state actor involved. If it’s Russia, then it is a further example of iterative intelligence against our critical infrastructure and possibly putting “levers” in place in anticipation of conflict (Ukraine weighs heavy on the mind). On the other hand, if it’s North Korea, then it could be the reconnaissance phase for future ransomware attacks. Renewables are the fastest growing energy segment which means they’re a target for financially motivated attacks.”


Saryu Nayyar, CEO and Founder, Gurucul (she/her) said, “While the attack itself is deemed “unsophisticated”, this is a perfect example of an elaborate industrial espionage campaign targeting multiple sectors to disrupt or steal data from a specific industry. While simple, this phishing attack is difficult to defend; however, with a next generation SIEM that supports behavioral analytics supported by adaptable machine learning models, the abnormal communications to suspicious domains can immediately be prioritized for security teams to investigate and determine if a real threat exists. If the campaign is indeed purported by proponents of the fossil-fuel industry, it is indeed unfortunate. Renewable energy companies need to invest more in cloud-native analytical security solutions to protect themselves against this type of threat, but also nation state threat actors looking to steal intellectual property for their own energy programs.”