U.S. Government Targeted in Spear-Phishing Attacks
released on 2020-01-23 @ 03:32:19 PM
Between July and October 2019, Unit 42 observed several malware families typically associated with the Konni Group used to primarily target a US government agency, using the ongoing and heightened geopolitical relations issues surrounding North Korea to lure targets into opening malicious email attachments. The malware families used in this campaign consisted mainly of malicious documents featuring CARROTBAT downloaders with SYSCON payloads, but also included a new malware downloader Unit 42 has dubbed CARROTBALL.