Researchers with Proofpoint have uncovered various spearphishing campaigns that aim to infect US utility companies with a new kind of remote access trojan (RAT) dubbed LookBack. The spear phishing campaigns targeted three US utility firms between July 19 and 25.
The researchers think the campaigns “may be the work of a state-sponsored APT actor, based on overlaps with historical campaigns and macros utilized.” LookBack is a sophisticated RAT that can enable threat actors to view processes and data on infected systems, and can even delete files, take screenshots, operate the mouse, reboot the infected host and delete itself.
Read more: Nation-State APTs Target US Utilities With Dangerous Malware