Spear-Phishing Campaign Targets “Game of Thrones” Viewers

Proofpoint researchers recently observed a spear-phishing campaign using “Game of Thrones” as a lure to encourage users to open a malicious attachment purportedly offering spoilers and video clips of the show’s unreleased episodes. The attachment, however, attempts to install the 9002 remote access trojan (RAT), typically used by nation-state threat actors. Though the latest season of Game of Thrones has already concluded, this tactic is likely to be recycled for various other programs, capitalizing on a fervent, and oftentimes impatient, viewership. The NJCCIC recommends all of our members review Proofpoint’s analysis on this campaign and the 9002 RAT and maintain awareness of the latest scams and never click on links or open attachments delivered with unexpected or unsolicited emails. Additionally, if end users have taken action on these emails, be sure to run updated antivirus software on the system to detect and remove 9002 RAT infections and change passwords for accounts accessed on the infected system.