This article originally appeared in SiliconANGLE on August 4, 2019.
A recently detected phishing campaign targeting U.S. utility companies is believed to have its origins with a state-sponsored hacking group from China, according to security researchers.
First detailed Thursday by researchers at Proofpoint Inc., the LookBack campaign targets utility company employees with emails purporting to be from the National Council of Examiners for Engineering and Surveying, a nonprofit organization that offers professional licensure for engineers and surveyors.
The emails claim to be delivering professional examination results but instead carry a malicious Microsoft Word document. If the attachment is opened, malicious Visual Basic for Applications macro code executes and installs the command-and-control framework that gives those behind the campaign access to data on the machine.
The researchers noted that LookBack appears to be designed to steal data files and take operational screenshots. That gives credence to the idea that its primary goal is espionage, though once access is gained, the hackers could cause additional harm as well.
LookBack’s source is believed to be the notorious APT10 group, a hacking group alleged to work on behalf of the Chinese Ministry of State Security’s Tianjin State Security Bureau. The group itself has been regularly in the news this year for having targeted global telecommunications companies, computer services firms and various others. Hackers allegedly involved with the group were indicted by the U.S. Federal Bureau of Investigation in December.
“Many utility and power companies have invested in protecting their systems to avert a crippling attack,” Usman Rahim, digital security and operations manager at digital ad transparency firm The Media Trust, told SiliconANGLE. “There appears to be a blind spot when it comes to digital assets like websites and mobile apps, which consumers use to set up or stop service, pay their bills, et cetera.”
The risk, he added, is “terribly high that criminals and foreign actors are hacking these assets to gain a trove of consumer personal and financial information, as we have seen happen to large organizations. The question is, if only 58% of these companies are prepared to identify threats to their systems, how many — or, more likely, how few — are ready for an attack on their websites and mobile apps?”