Security News > 2020 > June > Hacker Group Targeted U.S. Utilities in Two Parallel Campaigns

Dubbed FlowCloud, the remote access Trojan was used by the same threat actor that used the LookBack malware in campaigns targeting U.S. utilities providers last year.
"Both the FlowCloud and LookBack campaigns targeted utility providers in the United States. Both used training and certification-themed lures. And both used threat actor-controlled domains for delivery. In some cases, both FlowCloud and LookBack campaigns targeted not only the same companies but also the same recipients," Proofpoint explains.
As part of campaigns observed between July and September 2019, the attackers used portable executable attachments and subject lines such as "PowerSafe energy educational courses" to deliver the FlowCloud malware.
In November, the threat actor changed delivery tactics, adopting Microsoft Word documents carrying malicious macros instead. These resembled the delivery and installation macros used in LookBack malware campaigns.
The threat actor, the researchers note, is also investing in evolving its phishing tactics to increase the effectiveness of its campaigns.