US Agency Hit With N. Korean-Themed Phishing: Report

2020-01-27 15:48

A spear-phishing campaign targeted a U.S. government agency for several months last year using emails with content about North Korea geopolitics as a lure, according to an analysis from Palo Alto Networks' Unit 42.

It targeted five employees at a U.S. government agency - which the report did not identify - as well as two foreign nationals who had professional ties to North Korea, according to the Unit 42 report.

The campaign targeting the U.S. government agency came in three waves, Unit 42 researchers say: the first between July 15 and July 17, 2019; the second between Aug. 15 and Sept. 14, 2019; and finally one on Oct. 29.

In each wave, the attackers sent phishing emails that contained attached documents written in Russian pertaining to geopolitical matters related to North Korea, according to Unit 42.

If someone opened the attached documents, malicious macros would attempt to installed a customized dropper that Unit 42 refers to as "Carrotbat," which has been previously been spotted in the wild and is believed to have been used by Konni in other campaigns, according to the report.

News URL

https://www.inforisktoday.com/us-agency-hit-n-korean-themed-phishing-report-a-13649

#phishing #report #US