Security researchers first spotted a threat called LookBack in July 2019. In this early campaign, the LookBack malware was used to target American utility corporations. The LookBack threat allows its operators to collect data from the compromised host, as well as monitor the activity of the breached system. Considering the features of the LookBack threat and the high-profile targets of the attackers, malware experts believe that the harmful campaigns have been carried out by an experienced and highly skilled group of cybercriminals.
Researchers have also uncovered a project named FlowCloud, which appears to resemble the LookBack malware. It is likely that the LookBack malware and the FlowCloud threat were developed by the same actors. Both threats appear to be targeting the same companies and using similar propagation methods. The hacking campaigns of the FlowCloud and LookBack malware appear to have been carried out simultaneously.
The emails used to propagate the FlowCloud threat were split into two separate cycles. In the first propagation campaign, the targeted user would receive a corrupted PE attachment, which hides its extension. In the more recent distribution operation, the target would receive a fraudulent email, which has a macro-laced attachment that appears to be a harmless Microsoft Office document. Since the attackers were targeting utility companies located in the US, the phishing emails would contain themes that would be of interest to users in this sector, such as various certificates.
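Both delivery cycles described above rely on the attachment's name or appearance misleading the recipient, so a mail filter should judge attachments by their content. The following is an added example, not code from the researchers or from any product; the function names, finding labels, extension list and the sample message are assumptions constructed for illustration, and only OOXML (ZIP-based) Office files are inspected for macros.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = {".exe", ".scr", ".dll", ".com"}  # names that honestly announce a PE

def classify_attachment(filename, data):
    """Judge an attachment by its bytes, not by the name the sender chose."""
    findings = []
    name = (filename or "").lower()
    ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
    if data[:2] == b"MZ" and ext not in EXEC_EXTS:
        findings.append("pe-content-with-misleading-name")
    if data[:4] == b"PK\x03\x04":  # OOXML Office files are ZIP containers
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    findings.append("ooxml-with-vba-macros")
        except zipfile.BadZipFile:
            findings.append("malformed-zip-container")
    return findings

def triage_message(raw):
    """Map attachment filename -> findings for every flagged attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        hits = classify_attachment(part.get_filename(), part.get_payload(decode=True) or b"")
        if hits:
            report[part.get_filename()] = hits
    return report

def build_sample():
    """Constructed message with inert placeholder bytes (assumption, not a real sample)."""
    msg = EmailMessage()
    msg["Subject"] = "Certification exam results"
    msg.set_content("See attached.")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="application",
                       subtype="octet-stream", filename="certificate.pdf")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"\x00")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="exam_results.docm")
    msg.add_attachment(b"%PDF-1.4\n", maintype="application", subtype="pdf", filename="agenda.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_message(build_sample()))
```

Legacy binary Office formats are not ZIP containers and need a separate macro check; a filter built on this idea would quarantine flagged attachments rather than rely on the displayed file name.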
When the FlowCloud threat compromises the system of its target, it connects to the attackers' C&C (Command & Control) server, from which it is supposed to receive commands immediately. Both the FlowCloud threat and the LookBack malware can obtain files and data saved in the clipboard memory, as well as plant additional payloads. They can also execute remote commands provided by their operators and manage the active processes.
The FlowCloud malware and the LookBack threat are high-tier projects, which go after the same targets.