FlowCloud targeted attacks
https://www.bleepingcomputer.com/news/security/us-energy-providers-hit-with-new-malware-in-targeted-attacks/
U.S. energy providers were targeted by spear-phishing campaigns delivering a new remote access trojan (RAT) capable of providing attackers with full control over infected systems.
The attacks took place between July and November 2019, and the threat actor behind it — tracked as TA410 by Proofpoint researchers who spotted the campaigns — used portable executable (PE) attachments and malicious macro laden Microsoft Word document to deliver the malicious payload.