By Jon Dougherty
(NationalSentinel) A new report from a notable cybersecurity firm says there are indications that a hacking collective associated with the Chinese government has been attempting to access U.S. power and utility companies.
The report, from Proofpoint, says that a recently uncovered phishing campaign points to nation-state actors. Phishing involves sending malware-infected emails that appear to come from a trusted source, allowing the sender to access systems or steal information.
In particular, Proofpoint said phishing emails are emulating a licensing body within the utility sector.
“The profile of this campaign is indicative of specific risk to U.S.-based entities in the utilities sector,” the report says.
Cybersecurity researchers at Proofpoint are not certain who is behind the campaign, but it uses phishing tactics that have been deployed by a hacking group known as APT. Sometimes referred to as APT10, the collective is a nation-state actor that is associated with China.
“They’re using a technique that’s been used by Chinese state actors in the past, but enough about these attacks is different that we cannot attribute them to an actor with confidence,” Ryan Kalember, executive vice president of Cybersecurity Strategy at Proofpoint, told Fox News in an email.
The report added, however, that the “risk that these campaigns pose to utilities providers is clear…Persistent targeting of any entity that provides critical infrastructure should be considered an acute risk with a potential impact beyond the immediate targets.”
James Lewis, Senior Vice President and Director, Technology Policy Program at the Center for Strategic and International Studies, told the network, “There’s not enough data to tell if it was a test, a signal, or regular reconnaissance. [It] might have been all three.”
What concerns cybersecurity researchers is the proficiency of the malware campaign. The emails are believable and credible, unlike other spear-phishing attempts that contain grammatical errors and other mistakes.
“These were excellent spear phishing attacks, credibly impersonating an industry licensing association and targeted at people in a role where that license would be essential to their work,” Proofpoint’s Kalember said.
He added that his firm managed to identify and thwart the attacks, but Proofpoint does not cover all utilities.
“We blocked all of the ones that targeted our customers, but cannot say definitively whether other organizations were successfully compromised,” he said.