A never-before-seen remote access trojan (RAT) has been discovered in a set of campaigns targeting the energy sector. Researchers called the malware PoetRAT due to various references to sonnets by English playwright William Shakespeare throughout the macros, which were embedded in malicious Word documents that were part of the campaign. The adversaries targets are mostly Azerbaijan organizations in the public and private sectors, specifically ICS and SCADA systems in the energy industry. Researchers also found a phishing campaign linked to this server purporting to be from the webmail of the Azerbaijan government.
Source: https://threatpost.com/new-poetrat-hits-energy-sector-with-data-stealing-tools/154876/