Experts Comments: Utility Companies Across America Targeted In New Spear-phishing Campaign

It has been reported that a mysterious state-sponsored hacking group targeted at least 17 US utility firms with phishing emails over a five-month period between April 5 and August 29. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal attribution has been made, the attacks are believed to be the work of Chinese hackers, and more precisely, the work of a group tracked as APT10, based on some pieces of reused code.

Full Story Here: https://www.zdnet.com/article/17-us-utility-firms-targeted-by-mysterious-state-sponsored-group/

Experts Comments

September 25, 2019
Lamar Bailey
Senior Director of Security Research
Tripwire
US utility companies are an enormous target for bad actors around the world. Being able to shut down utilities or hold them for ransom would be a big blow to the nation that could result in outages or even deaths. Many of the critical utility systems are air-gapped from normal IT networks, so remote attacks will not be successful; therefore, the attackers target the employees and their mobile devices in hopes that they can eventually get access to the critical networks. I hear people say all the time, “I am not a target, I am not CEO or anything,” but this is no longer true. Any employees with access to important systems are targets; nation-state attackers want your access, not your bank account. When these reports and findings become available, they should be relayed to employees with instructions on how to protect themselves and the organizations.