Never-Before-Seen Malware Downloader In Phishing Emails Targeting US Gov Agencies – Expert Commentary

By ISBuzz Team
Writer, Information Security Buzz | Jan 24, 2020 03:00 am PST

Cybercriminals targeted a U.S. government agency with a spear-phishing campaign that leverages increasingly tense geopolitical relations surrounding North Korea to lure targets into opening malicious email attachments containing malware strains, including a never-before-seen malware downloader dubbed “Carrotball”. The fraudulent emails were sent from four different Russian email addresses to 10 unique targets.

Alexander García-Tobar, CEO and Co-founder
January 24, 2020 11:23 am

The reality is, cybercriminals have become extremely adept at crafting emails that are indistinguishable from legitimate emails that recipients receive every day. In this incident, threat actors are using Russian email addresses to distribute documents that relate to the ongoing geopolitical tensions surrounding North Korea in hopes of luring victims into opening the malware-strapped documents. In many cases, though, social engineering phishing attacks include no malicious links or attachments at all, and therefore very often slip past traditional, content-based email security controls.

As phishing emails increasingly become harder and harder to detect, the first essential step is to prevent malicious emails from ever entering inboxes. For instance, these attacks would have been stopped by a robust sender-identity approach that blocks untrusted email senders like the ones used in this campaign. By implementing advanced anti-phishing solutions that validate sender identity, modern phishing attacks like these can be stopped in their tracks.
