Utility companies in the United States are being targeted by spear phishing attempts, and security researchers are considering the possibility that a state-sponsored hacking group may be behind the attacks.
According to cybersecurity researchers from Proofpoint, the emails impersonate the US National Council of Examiners for Engineering and Surveying (NCEES) and carry Microsoft Word attachments that contain a malicious macro.
If the victim downloads the Word file and runs the macro, it installs and runs malware which Proofpoint calls “LookBack”.
The malware comes with a Remote Access Trojan which can wreak havoc on the target machine, including deleting files or taking screenshots, as well as deleting itself from the infected network.
Proofpoint says that this new malware family is being delivered using familiar phishing tactics. Even though it doesn’t point any fingers, it does say that these tactics were employed by “known APT adversaries”, which means there is a “continuing risk from nation-state actors”.
This is not the first time utility companies have come under cyberattack. The government of Baltimore was recently under malware attack, which left its citizens unable to pay utility bills.
A similar scenario happened in Johannesburg recently, where entire city blocks were left without electricity after a power company’s network was infected with ransomware.