Recent reports revealed that hackers targeted a US government agency with malicious emails and used a never-before-seen malware downloader, Carrotball.
A new report indicates that the attack on the US government agency took place between July and October 2019. The attackers sent the agency's employees spear-phishing emails that carried numerous malware strains.
One significant detail, however, is the use of an entirely new malware downloader that researchers encountered for the first time. They named the downloader 'Carrotball,' while the campaign itself was titled 'Fractured Statue.' Reports indicate that the campaign involved around 6 unique malicious document baits and that it was conducted from four Russian email addresses. The attackers targeted ten different individuals. The documents sent to them were also in Russian, but they concerned issues with North Korea.

A member of the Unit 42 research group from Palo Alto Networks, Adrian McCabe, commented that the campaign offers clear evidence that the tactics, techniques, and procedures are still quite relevant. The group that conducted the attack is likely still quite active. However, he also noted that the development and use of the new downloader, Carrotball, as well as an older delivery mechanism, Carrotbat, indicates that the group's older methods were likely ineffective.

U.S. Gov Agency Targeted With #Malware-Laced Emails: The malicious email campaign included a never-before-seen malware downloader called #Carrotball, and may be linked to the APT group #Konni. https://t.co/964MaTVJjW via @threatpost
— Argha 🏏 📚 💻 (@StringsVsAtoms) January 24, 2020
