Between July 19 and July 25, 2019, a threat actor sent several spear-phishing emails to three U.S. companies in the utility sector. The emails were sent from a domain impersonating that of the National Council of Examiners for Engineering and Surveying, an authority in the industry. The emails contained Microsoft Word attachments that used macros to install and run a new remote-access Trojan (RAT) called LookBack.