LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards (Aug 1, 2019)
Researchers at Proofpoint have identified a phishing campaign targeting utility companies. Between July 19 and July 25, 2019, emails impersonating the US National Council of Examiners for Engineering and Surveying were sent to the utility companies. The emails contained a malicious Word document that uses macros to run malware named “LookBack”, a Remote Access Trojan (RAT). LookBack has the ability to delete files, delete itself, execute commands, move and click the mouse, reboot the system, capture the screen, and view processes and system data. Proofpoint researchers contend that this campaign is likely being conducted by a state-sponsored, Advanced Persistent Threat (APT) actor.
Recommendation: Spear phishing emails represent a significant security risk because the sending email will often appear legitimate to the target; sometimes a target company email is compromised and used for such emails. Education is the best defence: inform your employees about what to expect from information requests from their managers and colleagues. Employees should also be aware of whom to contact when they suspect they are the target of a possible spear phishing attack. Documents that request macros to be enabled should be avoided. Anti-spam and antivirus protection should be implemented and kept up-to-date with the latest version to better ensure security.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.