A spear-phishing campaign observed during late July targeted three U.S. entities from the utility sector with a new malware featuring a remote access Trojan (RAT) module designed to give the attackers admin control over the infected systems. The previously undocumented malware has been dubbed LookBack by the Proofpoint Threat Insight Team researchers who discovered and analyzed the phishing attacks and the dropped malicious payloads. The phishing emails appeared to impersonate a US-based engineering licensing board with emails originating from what appears to be an actor-controlled domain, nceess[.]com.
Source: https://www.bleepingcomputer.com/news/security/phishing-attacks-target-us-utilities-with-remote-access-trojan/