
FlowCloud

Posted: June 10, 2020

The LookBack malware was first described in July 2019, when it was identified in several campaigns targeting companies in the US utility sector. The implant gave remote attackers the ability to monitor an infected system's activity and to collect files from it. The narrow targeting, combined with the distinctive nature of the implant, indicated a planned operation by an experienced threat actor, most likely one that researchers had encountered before. The group behind LookBack appears to have also operated a related implant called FlowCloud, and, notably, it often targeted the same companies, and even the same recipients, as the LookBack campaign. The two campaigns ran alongside each other.

US Utility Organizations Targeted by FlowCloud and LookBack Malware

The emails that delivered the FlowCloud implant came in two waves. The first carried PE attachments with a double extension (a file name that ends in a document-like extension followed by an executable one) to disguise what they were; the second switched to macro-laced Microsoft Office documents. As noted above, the targets were utility contractors and organizations in the United States, and the lures were typically built around certificates and training courses that the recipient organization would plausibly be interested in.
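The two attachment types described above are easy to screen for at the mail gateway. The following is an added example, not code from the original page or from any vendor: it runs over a few constructed log records in a hypothetical "sender | subject | attachment" format and flags executables hiding behind a document extension, bare executables, and macro-capable Office files. The extension lists are assumptions chosen for illustration, not an exhaustive policy.

```python
# Constructed sample records (not real campaign data) in a hypothetical
# pipe-separated "sender | subject | attachment" gateway log format.
SAMPLE_LOG = """\
training@example-certs.invalid | NERC CIP certification course | CIP_Course_Outline.pdf.exe
hr@example-utility.invalid | Q2 schedule | schedule_q2.xlsx
registrar@example-college.invalid | Course registration | Registration_Form.docm
ops@example-contractor.invalid | Safety certificate renewal | certificate.pdf
partner@example-vendor.invalid | Invoice | invoice.doc.scr
training@example-certs.invalid | Course syllabus | Syllabus.pdf                        .exe
"""

# Extensions Windows will execute directly (assumed list, extend as needed).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "cpl", "bat", "cmd",
                   "js", "jse", "vbs", "vbe", "wsf", "hta", "msi"}
# Extensions a user reads as "just a document/image" (assumed list).
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx",
                 "txt", "rtf", "jpg", "jpeg", "png"}
# Office formats that can carry VBA macros; legacy binary formats count too.
MACRO_CAPABLE_EXTS = {"docm", "dotm", "xlsm", "xltm", "pptm", "potm",
                      "doc", "dot", "xls", "xlt", "ppt"}


def classify_attachment(filename):
    """Return a list of findings for one attachment name (empty if it looks benign)."""
    findings = []
    # Strip whitespace inside each segment so "report.pdf        .exe" is caught.
    parts = [p.strip() for p in filename.lower().split(".")]
    if len(parts) < 2:
        return findings
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            findings.append(
                f"double extension: looks like .{parts[-2]} but runs as .{ext}")
        else:
            findings.append(f"executable attachment (.{ext})")
    if ext in MACRO_CAPABLE_EXTS:
        findings.append(f"macro-capable Office document (.{ext})")
    return findings


def scan_log(log_text):
    """Parse the pipe-separated records and return one hit per finding."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sender, subject, attachment = (f.strip() for f in line.split("|", 2))
        for finding in classify_attachment(attachment):
            hits.append({"sender": sender, "subject": subject,
                         "attachment": attachment, "finding": finding})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['sender']:40} {hit['attachment']!r:45} {hit['finding']}")
```

The legacy .doc/.xls/.ppt formats are flagged as macro-capable on purpose: they cannot be told apart from macro-free documents by name alone, so a gateway policy has to either detonate them or inspect the file for a VBA project stream rather than trust the extension.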

Once the FlowCloud implant is running, it connects to a remote command-and-control server and waits for the attackers' instructions. Its feature set overlaps with LookBack's and amounts to a Remote Access Trojan (RAT): it can collect files and clipboard data, deploy and run additional applications, manage running services and processes, and execute remote commands.

FlowCloud and LookBack are both advanced pieces of malware delivered to the same targets. Organizations can reduce their exposure by filtering executable and macro-enabled attachments at the mail gateway, blocking macros in documents from untrusted sources, and running properly configured firewalls together with up-to-date anti-malware software.
