A U.S. government agency was targeted with spear phishing emails harboring several malware strains – including a never-before-seen malware downloader that researchers call “Carrotball.”
The campaign, which researchers observed from July to October and code-named “Fractured Statue,” involved six unique malicious document lures sent as attachments from four different Russian email addresses to 10 unique targets. The lures featured articles written in Russian about ongoing geopolitical issues surrounding North Korea.
“Overall, the Fractured Statue campaign provides clear evidence that the TTPs [tactics, techniques and procedures] discovered in Fractured Block are still relevant, and that the group behind the attacks still appears to be active,” said Adrian McCabe with Palo Alto Networks’ Unit 42 research group, in a Thursday analysis.