Espionage Group Hits U.S. Utilities with Sophisticated Spy Tool
According to researchers, the APT group known as TA410 has added a new tool to its arsenal: a modular remote-access trojan (RAT). Proofpoint researchers have connected the group to attacks on the United States’ utility sector that target Windows devices. The RAT is called FlowCloud and can access installed applications and control the keyboard, mouse, screen, files, services, and processes of an infected computer.
FlowCloud can also exfiltrate information, and it seems to be related to previous attacks in which the LookBack malware was delivered. Researchers state that the RAT was first discovered last summer as part of a spear-phishing campaign against utility providers. The phishing email advertised training and certification information and contained a portable executable attachment.