- Security firm Proofpoint on Thursday said it uncovered an "advanced phishing campaign" that specifically targeted U.S. utility companies by impersonating an engineering licensing board.
- The firm said emails sent between July 19 and July 25 went to three utilities, which it declined to name. Messages purporting to be from the U.S. National Council of Examiners for Engineering and Surveying contained a malicious attachment that utilized macros to install and run malware named “LookBack.”
- The attempts highlight the "continuing global risk from nation-state actors," according to Proopoint. In June, the United States' chief energy regulator warned the electric grid is "increasingly under attack by foreign adversaries."
When Neil Chatterjee, chairman of the Federal Energy Regulatory Commission, appeared before a House subcommittee in June he warned lawmakers about the growing threat to critical infrastructure, particularly from abroad.
Physical and cyber attacks "have the potential to create significant, widespread and potentially devastating effects that threaten the health, safety and economic prosperity of the American people whom we serve," Chatterjee said.
The warning now appears prescient, as Proofpoint says the attacks in July were likely the work of foreign state-sponsored hackers.
"The utilization of this distinct delivery methodology coupled with unique LookBack malware highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers," the firm said in an Aug. 1 post to its web site.
The firm described the phishing campaign as "indicative of specific risk to US-based entities in the utilities sector." The emails utilized knowledge of utility sector licensing bodies, and "communicated urgency and relevance to their targets," said Proofpoint.
"Persistent targeting of any entity that provides critical infrastructure should be considered an acute risk with a potential impact beyond the immediate targets," the firm said. "Since so many other individuals and sectors rely on these services to remain operational safeguarding them is paramount."
While the United States utility sector has so far avoided major attacks, there is a growing understanding that the increasingly-interconnected grid must be better protected. In 2015, Ukraine's electric grid was hit by a cyberattack, which led to a lengthy blackout for almost 250,000 people.