Security firm Proofpoint on Monday revealed that what appears to be a state-sponsored hacking campaign targeting the U.S. utility sector with malware dubbed “Lookback” has continued and grown more sophisticated since it was first revealed this summer.

Proofpoint now says it has identified 17 utilities targeted from April 5 through Aug. 29, employing previously unknown techniques and with later phishing attempts using updated macros to obscure their purpose. The firm’s previous report said it had identified three targeted utilities.