https://www.cyberscoop.com/apt-10-utilities-phishing-proofpoint/
By Sean Lyngaas
CYBERSCOOP
August 1, 2019

Hackers that may be state-sponsored tried to spearphish three companies in the
U.S. utility sector last month, cybersecurity company Proofpoint said Thursday.

The malware-laced emails were sent from July 19 to July 25 and appeared to
impersonate a national association that facilitates engineering exams,
Proofpoint researchers said. A Microsoft Word document attached to the emails
contained a remote access trojan capable of deleting files, taking screenshots,
rebooting a machine, and deleting itself from an infected network, among other
attributes.

Sherrod DeGrippo, Proofpoint’s senior director of threat research and
detection, told CyberScoop that her company blocked the spearphishing attempts
on the three companies, which are Proofpoint customers. However, she said, “it
is likely that this campaign extended to multiple utilities outside of our
purview.”

It is unclear who is behind the phishing operation. There are similarities
between the macros used in this campaign and targeting carried out last year by
a Chinese government-linked group against Japanese companies, Proofpoint said.
Researchers and U.S. officials have tied the group, known as APT10, to China’s
civilian intelligence agency, and have blamed it for a series of data-stealing
attacks on Western companies.

[...]