Researchers believe that nation-state actors are behind several spearphishing campaigns targeting U.S. utility companies with newly identified malware that can view system data and reboot machines.
Lure emails were sent to three U.S. utility companies between July 19 and 25. They purported to be from a U.S.-based engineering licensing board, but actually contained a malicious attachment that, once opened, installed and ran a never-before-seen remote access trojan (RAT) dubbed LookBack.
“We believe this may be the work of a state-sponsored APT actor, based on overlaps with historical campaigns and macros utilized,” said Proofpoint researchers in a Thursday analysis. “The utilization of this distinct delivery methodology, coupled with unique LookBack malware, highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers.”