U.S. Utilities Face Phishing Attacks Intent on Gaining Remote Access

Last month saw a number of utility sector businesses targeted with spear phishing attacks that utilize a new remote access Trojan (RAT) that provides attackers with admin access.

We’ve seen a wave of attacks that appear to be focused on infrastructure-related organizations in the U.S. The recent seemingly coordinated attacks on local governments and municipalities are cause enough for alarm, but this latest string of attacks is downright frightening.

Last month, phishing emails targeting utilities appear to come from the US National Council of Examiners for Engineering and Surveying, utilizing a spoofed domain of NCEESS[dot]com. Using a scam involving exam “results notices”, the emails include a Word doc attachment that uses VBA macros to install a new RAT variant, dubbed LookBack.



LookBack is an impressive piece of code, with extended admin capabilities that allow an attacker to, discover the configuration of the infected endpoint, launch commands, establish a secure channel back to a command & control server, and more.

According to Bleeping Computer, the code used looks similar to attacks in 2018 targeting Japanese corporation. The utility sector attacks are suspected to be state-sponsored, possibly a Chinese espionage group.

Because phishing is the means of entry for these attacks, the good news is strong endpoint protection, DNS scanning can play a role in stopping the attacks before they reach the user’s inbox. Security Awareness Training can help educate users to spot suspicious emails (such as the use of a Word doc as the medium to provide exam results in the example above) and avoid clicking on the attachment in the first place.


Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

PST ResultsHere's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe to Our Blog

Comprehensive Anti-Phishing Guide

Get the latest about social engineering

Subscribe to CyberheistNews