U.S. Govt Agency Hit With New CARROTBALL Malware Dropper

A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-U.S. foreign nationals professionally affiliated with current activities in North Korea.

CARROTBALL arrived in a Microsoft Word document that acted as a lure for the target and was sent from a Russian email address. The lure's topic was geopolitical relations issues regarding North Korea, Bleeping Computer reported.


EXPERTS COMMENTS
Erich Kron, Security Awareness Advocate, KnowBe4
January 27, 2020
Spear phishing has long been a tool of adversaries and cyber criminals, and a very effective one at that. This type of attack is no surprise; however, it is obvious that the attackers have a very focused audience in this case. We have seen similar attacks where the phishing email was sent in a foreign language along with a convenient link to translate it, which was actually a link to an infected ....
Richard Bejtlich, Principal Security Strategist, Corelight
January 27, 2020
Because of the protocols used in this campaign, network security monitoring practitioners have a chance to gather the evidence they need to detect and respond to individual attacks. The intruders used file transfer protocol to transfer files that are executed as commands on victim systems. Because some network traffic analysis and monitoring systems log and parse FTP, and can extract the files tra ....
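An added example, not part of the article or of either expert's comment: a triage pass over parsed FTP logs of the kind the Corelight comment describes, listing completed downloads that internal hosts made from external FTP servers. It assumes Zeek's ftp.log TSV layout (the page names no specific tool); the internal ranges, log lines, addresses and file names are constructed.

```python
import ipaddress

# Address space treated as internal (assumption; replace with your own ranges).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in Zeek ftp.log TSV layout (subset of columns).
SAMPLE_FTP_LOG = "\n".join([
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tcommand\targ\treply_code\tfuid",
    "1580112000.1\tC1\t10.1.2.15\t203.0.113.7\tRETR\tftp://203.0.113.7/update.txt\t226\tFAbc1",
    "1580112005.4\tC2\t10.1.2.20\t10.1.9.9\tRETR\tftp://10.1.9.9/report.doc\t226\tFAbc2",
    "1580112009.9\tC3\t10.1.2.15\t203.0.113.7\tSTOR\tftp://203.0.113.7/out.bin\t226\tFAbc3",
    "1580112020.2\tC4\t10.1.2.33\t198.51.100.4\tRETR\tftp://198.51.100.4/x.txt\t550\t-",
])


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_zeek_tsv(text):
    """Turn Zeek TSV text into a list of dicts keyed by the #fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def external_ftp_downloads(text):
    """Completed RETR transfers from an internal client to an external server.

    The fuid column is returned so an analyst can pivot to files.log and to
    the extracted copy of the transferred file.
    """
    hits = []
    for r in parse_zeek_tsv(text):
        if (r.get("command") == "RETR" and r.get("reply_code") == "226"
                and is_internal(r["id.orig_h"])
                and not is_internal(r["id.resp_h"])):
            hits.append((r["id.orig_h"], r["id.resp_h"], r["arg"], r["fuid"]))
    return hits


if __name__ == "__main__":
    for hit in external_ftp_downloads(SAMPLE_FTP_LOG):
        print(hit)
```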
