SECURITY
A spear-phishing campaign targeting U.S. utility companies is larger than previously thought and continues to operate, according to a new report Monday from security firm Proofpoint Inc.
The campaign, dubbed LookBack when it was discovered in August, targets utility company employees with spear-phishing emails that pretend to be from a certification test administrator. The emails include a malicious Microsoft Word document that, when opened, runs code that gives those behind the phishing attack the command-and-control framework needed to access data on a computer.
The Proofpoint researchers have identified at least 17 entities in the U.S. utilities sector targeted by these attacks from April 5 through Aug. 29, but the attempted phishing attacks are ongoing.
As was the case previously, a state-sponsored actor is suspected to be behind the LookBack campaign. While the researchers don’t say who is behind the campaign, they attribute it to an advanced persistent threat group. APT groups are typically state-sponsored, although that is not always the case.
It was previously believed that the APT10 group, a hacking group alleged to work on behalf of the Chinese Ministry of State Security’s Tianjin State Security Bureau, might be behind the attacks. Notably, both the IP addresses behind the spear-phishing campaign in the new report trace back to Hong Kong.
Lamar Bailey, senior director of security research at enterprise cybersecurity firm Tripwire Inc., told SiliconANGLE that U.S. utility companies are a huge target for bad actors around the world.
“Being able to shut down utilities or hold them for ransom would be a big blow to the nation that could result in outages or even deaths,” Bailey said. “Many of the critical utility systems are air-gapped from normal IT networks so remote attacks will not be successful. Therefore, the attackers target the employees and their mobile devices in hopes that they can eventually get access to the critical networks.”
And attackers can target anybody, not just key executives. “I hear people say all the time ‘I am not a target, I am not CEO or anything,’ but this is no longer true,” Bailey said. “Any employee with access to important systems are targets, nation-state attackers want your access, not your bank account. When these reports and findings become available, they should be relayed to employees with instructions on how to protect themselves and the organizations.”