It has been reported that a mysterious state-sponsored hacking group targeted at least 17 US utility firms with phishing emails over a five-month period between April 5 and August 29. The purpose of these attacks was to infect employees at US utility firms with LookBack, a remote access trojan with an extensive set of features. While no formal attribution has been made, the attacks are believed to be the work of Chinese hackers, and more precisely, the work of a group tracked as APT10, based on some pieces of reused code.
Full Story Here: https://www.zdnet.com/
US utility companies are an enormous target for bad actors around the world. Being able to shut down utilities or hold them for ransom would be a big blow to the nation that could result in outages or even deaths. Many of the critical utility systems are air-gapped from normal IT networks, so remote attacks will not be successful; therefore, the attackers target the employees and their mobile devices in hopes that they can eventually get access to the critical networks. I hear people say all the time, “I am not a target, I am not CEO or anything,” but this is no longer true. Any employees with access to important systems are targets; nation-state attackers want your access, not your bank account. When these reports and findings become available, they should be relayed to employees with instructions on how to protect themselves and the organizations.