A large-scale cyber-espionage campaign targeting renewable energy and industrial technology organizations has been discovered to be active since at least 2019. The campaign was discovered by security researcher William Thomas, a Curated Intelligence trust group member, who employed OSINT (open-source intelligence) techniques like DNS scans and public sandbox submissions. Thomas’ analysis revealed that the attacker uses a custom ‘Mail Box’ toolkit, an unsophisticated phishing package deployed on the actors’ infrastructure, as well as legitimate websites compromised to host phishing pages.”]