By: Zelijka Zorz
Published: August 2, 2019
If you worked in a US company in the utilities sector and received an email notification telling you that you’ve failed your “Fundamentals of Engineering” NCEES exam, would you download the attached Word file to check what’s up? Would you do it even if you know that you took no such exam?

The emails were made to look like they were sent by the US National Council of Examiners for Engineering and Surveying (NCEES), an engineering licensing board, and from a domain that looks like it could belong to the organization (nceess[.]com).

But it doesn’t, and the attached Word file uses macros to install and run malware: a remote access Trojan (RAT) module and a proxy mechanism used for C&C communication.