There has been an ongoing targeted attack against industrial companies that began in August, researchers said.
This campaign targeted firms in the power generation and transmission, smelting, construction and engineering industries, said researchers at Kaspersky Lab.
Most of the organizations attacked in the campaigns are vendors of industrial automation solutions and system support contractors, such as companies that design, build and provide solutions for critical infrastructure, according to a Kaspersky blog post.
The attackers start off by sending emails that appear as if they came from a legitimate person.
On top of that, the email headers show most of the emails came from legitimate email addresses belonging to valid organizations.
Attachments to the malicious emails included RTF files containing an exploit for the CVE-2015-1641 vulnerability, an older vulnerability in Microsoft Office patched in April 2015.
Kaspersky found the attackers wrote no new code for this campaign, adding that the malware used “specific VB and MSIL packers that can diminish the ability” of antivirus products to detect the malware.
After compromising systems, attackers employ tools that can be used to spy on users and steal sensitive data.
Based on data Kaspersky culled since October, 500 organizations from 50 countries have been hit by the attack so far. That being said, no one is sure how many companies fell victim to the attack.