
Hackers attacked 17 US utilities

Proofpoint researchers said in a report that 17 US utilities have been the target of a mysterious state-backed hacking group. The hackers sent phishing emails to the utilities' employees for at least 5 months (April-August 2019).

The hackers have been trying to infect employees' systems with LookBack, a trojan that offers remote access and has many features.

There is no evidence, but researchers assume that the attacks come from the Chinese group APT10, as they observed some common methods.

Proofpoint's report is a follow-up to a report it had published in early August. The researchers had then reported attacks on three US utilities, which had taken place between 19 and 25 July 2019.

According to current data, Proofpoint states that the first attacks were more widespread than initially thought. The hackers increased their attacks and eventually targeted 17 businesses. In addition, there are suspicions that the attacks had started earlier than April.

Most state-backed hacking groups tend to back down when security companies discover their activity and make it public.

However, according to a senior Proofpoint executive, this group did not back down and continued its attacks even after Proofpoint's first report in early August.

In fact, the hackers not only did not stop but also developed new methods of attack in the meantime.

Attacks on energy companies

Based on the emails sent, the researchers conclude that hackers mainly targeted businesses in the energy field, such as power plants, nuclear power plants, wind farms and more.

The head of Proofpoint's research said the spear-phishing attacks did not target a specific energy sector, but various utilities.

The hackers impersonated employees of organizations that work with the businesses so that they would not be suspected.

The hacking group used domain names that mimicked GEC and NCEES as closely as possible. In addition, the phishing emails included a combination of legitimate and malicious documents to deceive users.

If the victims opened the malicious documents, then the embedded VBA script downloaded and installed the LookBack malware.

Researchers have noticed that the new malware has many features that give the attacker a backdoor on the victim's computer.

According to Proofpoint, LookBack malware is a remote access Trojan written in C++ and transfers data from the infected host to a command and control IP.

It has many capabilities. It monitors the system and files, deletes files, executes commands, takes screenshots, moves and clicks the mouse, restarts the computer and deletes itself from the infected computer.

Proofpoint has managed to block the spear-phishing attacks on its clients' networks. However, the hackers may have been able to attack other businesses with the LookBack malware.

Researchers found that before sending the phishing emails, the hackers scanned the network to detect open SMB (port 445).

These scans were made about two weeks before the phishing emails were sent to business employees and allowed the hackers to detect vulnerable systems.
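For defenders, the scan-then-phish sequence described above can be used to prioritize triage. The following is an added example, not code from Proofpoint or from this article: it finds external sources that probed port 445 on several hosts and then lists gateway-flagged emails that arrived within a window after such a sweep. The log format, the sample data, the three-host threshold and the 21-day window are all assumptions made for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample data; the firewall log format is an assumption.
FIREWALL_LOG = """\
2019-07-05T10:00:01 DENY TCP 203.0.113.7:50111 -> 198.51.100.10:445
2019-07-05T10:00:02 DENY TCP 203.0.113.7:50112 -> 198.51.100.11:445
2019-07-05T10:00:03 DENY TCP 203.0.113.7:50113 -> 198.51.100.12:445
2019-07-06T08:30:00 DENY TCP 192.0.2.44:40000 -> 198.51.100.10:445
2019-07-06T09:00:00 DENY TCP 203.0.113.7:50114 -> 198.51.100.10:22
""".splitlines()

# Messages the mail gateway already flagged as suspicious (constructed).
FLAGGED_MAIL = [
    ("msg-001", datetime(2019, 7, 19, 9, 15)),
    ("msg-002", datetime(2019, 9, 30, 14, 0)),
]

LINE_RE = re.compile(
    r"^(\S+) \w+ TCP (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$")

def find_smb_sweeps(lines, min_hosts=3):
    """Return {source_ip: first_seen} for sources probing 445 on >= min_hosts hosts."""
    targets, first_seen = {}, {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(4) != "445":
            continue  # unparsable line or a port other than SMB
        ts = datetime.fromisoformat(m.group(1))
        src, dst = m.group(2), m.group(3)
        targets.setdefault(src, set()).add(dst)
        first_seen[src] = min(ts, first_seen.get(src, ts))
    return {s: first_seen[s] for s, d in targets.items() if len(d) >= min_hosts}

def mail_after_sweep(sweeps, mail, window_days=21):
    """Return [(msg_id, source_ip, days_after)] for flagged mail inside the window."""
    hits = []
    for msg_id, received in mail:
        for src, seen in sorted(sweeps.items()):
            delta = received - seen
            if timedelta(0) <= delta <= timedelta(days=window_days):
                hits.append((msg_id, src, delta.days))
    return hits

if __name__ == "__main__":
    sweeps = find_smb_sweeps(FIREWALL_LOG)
    for hit in mail_after_sweep(sweeps, FLAGGED_MAIL):
        print("escalate:", hit)
```

The match is on timing only, so a hit is a reason to look at the message sooner, not proof that the sweep and the email are related.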

Proofpoint did not say which utilities were the victims of the attack, as it said investigations were continuing.


Absent Mia