U.S. Govt Agency Hit with New CARROTBALL Malware Dropper

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/us-govt-agency-hit-with-new-carrotball-malware-dropper/

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.

CARROTBALL came in a Microsoft Word document acting as a lure for the target, from a Russian email address. The topic was geopolitical relations issues regarding North Korea.

Spear phishing from Russian emails

Researchers at Palo Alto Networks' Unit 42 analyzing a campaign between July and October 2019 noticed multiple malware families that are normally attributed to a threat group they refer to as KONNI. This campaign, which the researchers call Fractured Statue, used six unique document lures sent from four unique Russian email addresses.
... ....

 

[upnorth]

The Fractured Statue Campaign: U.S. Government Agency Targeted in Spear-Phishing Attacks

Unit 42 observed several malware families typically associated with the Konni Group primarily targetting a US government agency at the height of the US interacting with North Korea.

unit42.paloaltonetworks.com

Palo Altos report was interesting to read on a technical level and as usual very well presented.

@show-Zi , there's also a Japanese version available.

Fractured Statue攻撃キャンペーン: スピアフィッシング攻撃で米国政府が標的に

2019年7月から10月にかけて一般にKonniグループに関連するとされるマルウェアファミリが複数観測されました。このグループは主に米国政府機関を標的とし、北朝鮮をめぐって高まる地政学的関係問題を利用し、標的に悪意のある電子メールの添付ファイルを開かせようとします。

unit42.paloaltonetworks.jp

 

[ForgottenSeer 823865]

They will never learn...