Information Security News mailing list archives

A potentially state-sponsored hacking campaign tried to phish U.S. utilities in July, researchers say


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 2 Aug 2019 06:53:05 +0000 (UTC)

https://www.cyberscoop.com/apt-10-utilities-phishing-proofpoint/

By Sean Lyngaas
CYBERSCOOP
August 1, 2019

Hackers that may be state-sponsored tried to spearphish three companies in the U.S. utility sector last month, cybersecurity company Proofpoint said Thursday.

The malware-laced emails were sent from July 19 to July 25 and appeared to impersonate a national association that facilitates engineering exams, Proofpoint researchers said. A Microsoft Word document attached to the emails contained a remote access trojan capable of deleting files, taking screenshots, rebooting a machine, and deleting itself from an infected network, among other attributes.

Sherrod DeGrippo, Proofpoint’s senior director of threat research and detection, told CyberScoop that her company blocked the spearphishing attempts on the three companies, which are Proofpoint customers. However, she said, “it is likely that this campaign extended to multiple utilities outside of our purview.”

It is unclear who is behind the phishing operation. There are similarities between the macros used in this campaign and targeting carried out last year by a Chinese government-linked group against Japanese companies, Proofpoint said. Researchers and U.S. officials have tied the group, known as APT10, to China’s civilian intelligence agency, and have blamed it for a series of data-stealing attacks on Western companies.

[...]
