Targeted Malware Attacks Against U.S. Utilities

According to a recent article by the security company Proofpoint, traces of a malware attack targeting primarily U.S. utilities were discovered in the summer of 2019; the attack had gone unnoticed for at least two months. According to the analysis, the attackers spread malware called FlowCloud, which during the first wave of attacks was hidden in a portable executable (PE) file, in emails sent to utility employees offering free training opportunities for 30 days. Between July and September 2019, these PE files were typically attached to the emails. The attackers then changed their tooling, replacing the PE files with Microsoft Word documents, but their targets remained the same: organizations that play an important role in the U.S. public utility infrastructure.

In their work, Proofpoint analysts found several similarities between the attackers who distributed the FlowCloud malware and those who had earlier distributed the LookBack malware, which was also aimed at U.S. utilities. They refer to these attackers as TA410.