A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.
CARROTBALL came in a Microsoft Word document acting as a lure for the target, from a Russian email address. The topic was geopolitical relations issues regarding North Korea, Bleeping Computer reported.
U.S. Govt Agency Hit with New CARROTBALL Malware Dropper – by @Ionut_Ilascuhttps://t.co/xrDRnze6lw
— BleepingComputer (@BleepinComputer) January 24, 2020
Experts Comments
Linkedin Message
@Richard Bejtlich, Principal Security Strategist, provides expert commentary at @Information Security Buzz.
"Because some network traffic analysis and monitoring systems log and parse FTP, and can extract the files transferred...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/u-s-govt-agency-hit-with-new-carrotball-malware-dropper
Facebook Message
@Richard Bejtlich, Principal Security Strategist, provides expert commentary at @Information Security Buzz.
"Because some network traffic analysis and monitoring systems log and parse FTP, and can extract the files transferred...."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/u-s-govt-agency-hit-with-new-carrotball-malware-dropper
Be part of our growing Information Security Expert Community (1000+), please register here.
Linkedin Message
@Erich Kron, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
"Spear phishing has long been a tool of adversaries and cyber criminals, and a very effective one at that. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/u-s-govt-agency-hit-with-new-carrotball-malware-dropper
Facebook Message
@Erich Kron, Security Awareness Advocate, provides expert commentary at @Information Security Buzz.
"Spear phishing has long been a tool of adversaries and cyber criminals, and a very effective one at that. ..."
#infosec #cybersecurity #isdots
https://informationsecuritybuzz.com/expert-comments/u-s-govt-agency-hit-with-new-carrotball-malware-dropper