Hackers are using old phishing techniques, but with new payloads to penetrate the networks of power generation facilities in the U.S. that have yet fix a long-known server vulnerability.