Suspected state-sponsored hacking group tried to break into US utilities

August 3, 2019
in Internet Security

A hacking group suspected of being state-sponsored attempted to infiltrate US utility firms in July, researchers say.


On Thursday, Proofpoint researchers Michael Raggi and Dennis Schwarz said that between July 19 and July 25, spear-phishing emails were sent to three US companies responsible for providing utility services to the public.

The phishing emails impersonated an engineering licensing board, the US National Council of Examiners for Engineering and Surveying (NCEES), and tried to alarm recipients by claiming that the recipient had failed an exam.

This is a common phishing technique: the same fear-based pretext appears in fake bank withdrawal notices, tax demands and student loan complaints. A frightened target is more likely to follow the email's instructions without stopping to think.


The message carried a Microsoft Word attachment, Result Notice.doc, whose embedded VBA macros deploy the malicious code onto the recipient's system.

The emails originated from an IP address that led the researchers to additional domains impersonating other US engineering and electrical licensing bodies. However, only the original domain, nceess[.]com, appears to be active in current phishing campaigns.
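The impersonation above rests on a lookalike domain: nceess[.]com differs from the board's real domain by one inserted character. The following is an added triage helper, not code from the article or from Proofpoint, that flags sender domains sitting within a small edit distance of a watchlisted brand while not being that brand's domain. The watchlist, the sample addresses and the distance threshold are constructed for the example; ncees.org is assumed to be the board's legitimate domain.

```python
"""Lookalike-domain check for sender domains seen during phishing triage.

Added example, not part of the ZDNet/Proofpoint reporting. It compares the
second-level label of each sender domain against a watchlist of legitimate
domains using Damerau-Levenshtein distance and reports which brand, if any,
the sender is imitating.
"""
from typing import Dict, Iterable, Optional, Tuple

# Constructed watchlist: the brand the campaign impersonated. ncees.org is
# assumed here to be the legitimate NCEES domain.
WATCHLIST = {"ncees.org"}


def refang(domain: str) -> str:
    """Turn a defanged indicator such as 'nceess[.]com' back into 'nceess.com'."""
    return domain.lower().strip().replace("[.]", ".").replace("(.)", ".")


def registrable(domain: str) -> Tuple[str, str]:
    """Split into (second-level label, top-level label). A naive two-label
    split is sufficient for the .com/.org style names handled here."""
    labels = refang(domain).rstrip(".").split(".")
    if len(labels) < 2:
        raise ValueError(f"not a domain: {domain!r}")
    return labels[-2], labels[-1]


def dl_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: insertion,
    deletion, substitution and adjacent transposition each cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def lookalike_of(domain: str, watchlist: Iterable[str] = WATCHLIST,
                 max_distance: int = 2) -> Optional[str]:
    """Return the watchlisted domain this one imitates, or None.

    An exact watchlist match is legitimate. A distance of 0 on the label with
    a different TLD (ncees.com against ncees.org) is still a lookalike.
    """
    sld, tld = registrable(domain)
    if f"{sld}.{tld}" in watchlist:
        return None
    best = None
    for legit in watchlist:
        legit_sld, _ = registrable(legit)
        dist = dl_distance(sld, legit_sld)
        if dist <= max_distance and (best is None or dist < best[1]):
            best = (legit, dist)
    return best[0] if best else None


def triage_senders(addresses: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map each sender address to the watchlisted domain it imitates (or None)."""
    return {addr: lookalike_of(addr.rsplit("@", 1)[-1]) for addr in addresses}


if __name__ == "__main__":
    # Constructed sample: the campaign's domain as defanged in the article,
    # a legitimate sender and an unrelated one.
    samples = ["notice@nceess[.]com", "exams@ncees.org", "billing@example.net"]
    for addr, hit in triage_senders(samples).items():
        print(f"{addr:24} -> {hit}")
```

A threshold of 2 on the second-level label catches single insertions, deletions, substitutions and swapped adjacent letters, which covers most typosquats of a short brand; raise it only with a longer watchlist, since very short labels will otherwise collide with unrelated domains.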


If the victim opens the file and enables VBA macros, three files in PEM (Privacy Enhanced Mail) encoding, base64 text between BEGIN and END markers, are dropped: tempgup.txt, tempgup2.txt and tempsodom.txt. These are then decoded into GUP.exe, libcurl.dll and sodom.txt. GUP.exe is a legitimate open-source updater binary shipped with Notepad++ that is abused to side-load libcurl.dll, the malicious loader; sodom.txt holds the command-and-control (C2) configuration for the malware.
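The drop sequence above leaves a recognisable footprint on disk: three text files wearing PEM armour around binary payloads, plus a legitimate signed executable sitting next to a DLL it will load by name. The following is an added triage script, not code from the article, from Proofpoint, or from the malware, that reproduces the decode step on constructed stand-in files. It strips the PEM armour, base64-decodes the body, checks whether the result is a PE image by validating the MZ and PE signatures, tells EXE from DLL via the COFF Characteristics flag, and flags the GUP.exe + libcurl.dll side-load pair when both land in the same directory. The sample payloads are minimal header stubs, not LookBack; the staging file names come from the article.

```python
"""Triage helper for the LookBack dropper's staging files.

Added example, not Proofpoint's or the malware's own code. It decodes
PEM-armoured staging files, classifies the result as PE EXE, PE DLL or
plain data, and reports whether the side-load pair named in the article is
present. Sample files are constructed in a temporary directory.
"""
import base64
import os
import re
import struct
import tempfile
from typing import Dict, Optional

PEM_BLOCK = re.compile(rb"-----BEGIN [A-Z ]+-----\s*(.*?)\s*-----END [A-Z ]+-----", re.S)
STAGING_NAMES = {"tempgup.txt", "tempgup2.txt", "tempsodom.txt"}  # from the article
SIDELOAD_PAIR = ("gup.exe", "libcurl.dll")                        # from the article
IMAGE_FILE_DLL = 0x2000                                           # COFF Characteristics bit


def pem_to_bytes(data: bytes) -> Optional[bytes]:
    """Decode the first PEM block in data; None if no armour or bad base64."""
    m = PEM_BLOCK.search(data)
    if not m:
        return None
    try:
        return base64.b64decode(b"".join(m.group(1).split()), validate=True)
    except ValueError:
        return None


def is_pe(blob: bytes) -> bool:
    """True if blob has an MZ header whose e_lfanew points at the 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def classify(blob: bytes) -> str:
    """Return 'pe-dll', 'pe-exe' or 'data'."""
    if not is_pe(blob):
        return "data"
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    # Characteristics sits 22 bytes past the signature: 4 (sig) + 18 (COFF fields before it)
    (characteristics,) = struct.unpack_from("<H", blob, e_lfanew + 22)
    return "pe-dll" if characteristics & IMAGE_FILE_DLL else "pe-exe"


def scan_directory(path: str) -> Dict[str, object]:
    """Per-file findings plus a verdict on whether the side-load pair is present."""
    findings: Dict[str, object] = {}
    for name in os.listdir(path):
        with open(os.path.join(path, name), "rb") as fh:
            raw = fh.read()
        decoded = pem_to_bytes(raw)
        findings[name] = {
            "staging_name": name.lower() in STAGING_NAMES,
            "pem_armoured": decoded is not None,
            "decoded_type": classify(decoded if decoded is not None else raw),
        }
    names = {n.lower() for n in findings}
    findings["_sideload_pair_present"] = all(n in names for n in SIDELOAD_PAIR)
    return findings


def fake_pe(dll: bool) -> bytes:
    """Construct a minimal MZ + PE + COFF header stub (not a runnable binary)."""
    e_lfanew = 0x40
    hdr = bytearray(b"MZ" + b"\x00" * (e_lfanew - 2))
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    characteristics = 0x0102 | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return bytes(hdr) + b"PE\x00\x00" + coff


def pem_wrap(blob: bytes, label: bytes = b"CERTIFICATE") -> bytes:
    """Wrap blob in PEM armour the way the staging files are described."""
    return b"-----BEGIN " + label + b"-----\n" + base64.encodebytes(blob) + b"-----END " + label + b"-----\n"


def build_sample_dir() -> str:
    """Write constructed staging files mimicking the dropper's on-disk layout."""
    d = tempfile.mkdtemp(prefix="lookback-triage-")
    files = {
        "tempgup.txt": pem_wrap(fake_pe(dll=False)),
        "tempgup2.txt": pem_wrap(fake_pe(dll=True)),
        "tempsodom.txt": pem_wrap(b"c2=203.0.113.10:443\n"),  # constructed config stand-in
        "GUP.exe": fake_pe(dll=False),
        "libcurl.dll": fake_pe(dll=True),
    }
    for name, content in files.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(content)
    return d


if __name__ == "__main__":
    for key, value in scan_directory(build_sample_dir()).items():
        print(key, value)
```

On a real host the same check is worth running against the user's profile and temp directories: a text file whose PEM body decodes to an MZ image is itself suspicious, and a writable directory containing GUP.exe beside libcurl.dll deserves a look at the DLL's signature and imports before the pair is dismissed as a Notepad++ remnant.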


The malware, dubbed LookBack, is then launched through GUP.exe and libcurl.dll.

LookBack is a Remote Access Trojan (RAT) written in C++. It can enumerate system data, execute shellcode, tamper with, steal and delete files, take screenshots, kill processes, move and click the mouse without user interaction, reboot the infected PC on demand, and remove itself from the machine.

LookBack also sets up a C2 channel and a proxy through which it exfiltrates system information to the attacker's server.

Proofpoint has connected the recent attacks with APT campaigns against Japanese firms in 2018. FireEye researchers attributed those campaigns, which targeted media companies, to a group known as APT10 or Menupass, which appears to be Chinese and has a history of going after targets in Japan.

If the same threat actors are behind LookBack, it would suggest that APT10 is expanding its target list to include US firms.


A firm conclusion that LookBack is the work of a state-sponsored group seeking to disrupt core utilities is not possible: the researchers note that the malware has not previously been associated with any APT, and "no additional infrastructure or code overlaps were identified to suggest an attribution to a specific adversary."

The macros, however, do provide a clue. Their structure and VBA function obfuscation closely resemble the code used in the 2018 attacks on Japanese firms, despite having been rewritten.

“We believe this may be the work of a state-sponsored APT actor based on overlaps with historical campaigns and macros utilized,” Proofpoint says. “The utilization of this distinct delivery methodology coupled with unique LookBack malware highlights the continuing threats posed by sophisticated adversaries to utilities systems and critical infrastructure providers.”

Credit: ZDNet
