Skip to main content
close search
site logo
Dive Brief

Foreign hackers impersonated professional licensing board in attack on utilities

Published Aug. 2, 2019
Robert Walton's headshot
Senior Reporter
Getty

Dive Brief:

  • Security firm Proofpoint on Thursday said it uncovered an "advanced phishing campaign" that specifically targeted U.S. utility companies by impersonating an engineering licensing board.
  • The firm said emails sent between July 19 and July 25 went to three utilities, which it declined to name. Messages purporting to be from the U.S. National Council of Examiners for Engineering and Surveying contained a malicious attachment that utilized macros to install and run malware named “LookBack.”
  • The attempts highlight the "continuing global risk from nation-state actors," according to Proopoint. In June, the United States' chief energy regulator warned the electric grid is "increasingly under attack by foreign adversaries."

Dive Insight:

When Neil Chatterjee, chairman of the Federal Energy Regulatory Commission, appeared before a House subcommittee in June he warned lawmakers about the growing threat to critical infrastructure, particularly from abroad.

​Physical and cyber attacks "have the potential to create significant, widespread and potentially devastating effects that threaten the health, safety and economic prosperity of the American people whom we serve," Chatterjee said.

The warning now appears prescient, as Proofpoint says the attacks in July were likely the work of foreign state-sponsored hackers.

"The utilization of this distinct delivery methodology coupled with unique LookBack malware highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers," the firm said in an Aug. 1 post to its web site.

The firm described the phishing campaign as "indicative of specific risk to US-based entities in the utilities sector." The emails utilized knowledge of utility sector licensing bodies, and "communicated urgency and relevance to their targets," said Proofpoint.

"Persistent targeting of any entity that provides critical infrastructure should be considered an acute risk with a potential impact beyond the immediate targets," the firm said. "Since so many other individuals and sectors rely on these services to remain operational safeguarding them is paramount."

While the United States utility sector has so far avoided major attacks, there is a growing understanding that the increasingly-interconnected grid must be better protected. In 2015, Ukraine's electric grid was hit by a cyberattack, which led to a lengthy blackout for almost 250,000 people.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
Operant Networks Celebrates 15GW Deployment Milestone - Leading the Charge in Cybersecurity fo…
From Operant Networks
September 09, 2024
EPC Power Unveils the M System, Redefining Renewable Energy Integration and U.S. Manufacturing…
From EPC Power Corp.
September 09, 2024
Edo’s OpenADR 2.0b Certification Boosts Scalability of Grid-Interactive Buildings and Virtual …
From Edo
August 22, 2024
Virtual Peaker and Mysa Partner to Expand Energy Efficiency and Grid Modernization
From Virtual Peaker
August 26, 2024
Editors' picks
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell