April 08, 2013

Spear phishing campaign targeted energy sector

A spear phishing campaign targeting 11 energy sector companies occurred last October, according to the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

After an electric utility company posted to its website the names, company email addresses, and work titles of industry employees that attended a recent committee meeting, attackers were able to utilize the information to craft their messages, ICS-CERT said in its latest newsletter (PDF).

The malicious emails asked recipients to click on an attached link that would direct them to access the sender's new email address. Instead, the link led users to a website that served malware. Another email carrying a malicious attachment is believed to be associated to the campaign, according to the newsletter.

The campaign was unsuccessful, leading to no “known infections or intrusions,” the report said.

Related Articles
Related Topics
Related Links

Sign up to our newsletters

More in News

House Intelligence Committee OKs amended version of controversial CISPA

Despite the 18-to-2 vote in favor of the bill proposal, privacy advocates likely will not be satisfied, considering two key amendments reportedly were shot down.

Judge rules hospital can ask ISP for help in ID'ing alleged hackers

The case stems from two incidents where at least one individual is accused of accessing the hospital's network to spread "defamatory" messages to employees.

Three LulzSec members plead guilty in London

Ryan Ackroyd, 26; Jake Davis, 20; and Mustafa al-Bassam, 18, who was not named until now because of his age, all admitted their involvement in the hacktivist gang's attack spree.