17 January 2020

Emotet increasingly targets US Military and Government


The Emotet malware, considered one of the most destructive threats ever, continues to evolve and grow. Researchers from Cisco Talos have observed an increase in Emotet activity targeting US military domains and domains belonging to state and federal governments. According to a new report, in the past few months Emotet successfully compromised the accounts of one or more persons working for or with the U.S. government and sent spam emails containing the malware to their contacts. The result was a rapid increase in the volume of messages containing Emotet directed at .mil and .gov top-level domains in December 2019, and this trend has continued into January 2020, the researchers say.

Emotet first appeared in 2014 as a banking Trojan, but over the years it has evolved into one of the most sophisticated and widely used tools for distributing malware. Emotet uses spam emails as its main delivery method. The malware typically hides in PDF documents, malicious links, or rogue Word documents. It steals victims' email, then impersonates the victims and sends copies of itself as replies to their existing conversations. The malicious emails are delivered via a network of stolen SMTP accounts.
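As an added illustration of the reply-chain hijack pattern described above (example code written for this page, not code from Talos or from the article), the following Python scores a raw message on three defender-side indicators: it is a reply to an existing thread, the From domain differs from the Return-Path domain (the mail left a different SMTP account than the impersonated contact's), and it carries a macro-capable Office attachment. The sample message, its addresses and the extension list are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Macro-capable Office extensions used as Emotet lures; the list itself is an assumption.
MACRO_EXTS = (".doc", ".docm", ".dotm", ".xls", ".xlsm")

def _domain(addr_header):
    """Lower-cased domain of an address header value, or '' if absent."""
    _, addr = parseaddr(str(addr_header or ""))
    return addr.rpartition("@")[2].lower()

def emotet_reply_chain_indicators(raw_message):
    """Return the reply-chain hijack indicators found in one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    found = []
    # 1. The lure arrives as a reply inside a real, previously stolen thread.
    if msg.get("In-Reply-To") or msg.get("References"):
        found.append("reply to an existing thread")
    # 2. The displayed sender is the impersonated contact, but the envelope sender
    #    belongs to the stolen SMTP account that actually relayed the mail.
    from_domain, return_domain = _domain(msg.get("From")), _domain(msg.get("Return-Path"))
    if from_domain and return_domain and from_domain != return_domain:
        found.append(f"From domain {from_domain} != Return-Path domain {return_domain}")
    # 3. A macro-capable Office attachment is present.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_EXTS):
            found.append(f"macro-capable attachment {name}")
    return found

# Constructed sample: hijacked reply carrying a Word lure (all addresses are fictitious).
SAMPLE_HIJACK = """\
Return-Path: <bounce@stolen-smtp.example.net>
From: "Jane Doe" <jane.doe@agency.example.gov>
Subject: RE: signed agreement
In-Reply-To: <original-thread@partner.example.mil>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached agreement, there seems to be a problem with it.
--b1
Content-Type: application/msword; name="agreement.doc"
Content-Disposition: attachment; filename="agreement.doc"

AAAA
--b1--
"""
```

Running `emotet_reply_chain_indicators(SAMPLE_HIJACK)` returns all three indicators; a plain same-domain message with no thread or attachment returns an empty list.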

“This relatively simple email-man-in-the-middle social engineering approach has made Emotet one of the most prolific vehicles for delivering malware that we have seen in modern times,” the Talos team noted.

“Another issue that is often overlooked is the exfiltration problem presented by Emotet. Users who have their email stolen and sent to Emotet's command and control (C2) infrastructure may have lost control over sensitive data and communications. For now, Emotet is content using this data to enhance its social engineering approach, but they could just as easily be reading/parsing the contents of these messages and acting/trading on the information contained therein,” the researchers continued.

Meanwhile, researchers at Cofense observed another Emotet phishing campaign, this time aimed at United Nations personnel and targeting approximately 600 unique email addresses. The phishing emails purported to be from the Permanent Mission of Norway to the United Nations in New York. The message claimed that Norway’s representatives to the United Nations in New York had discovered a problem with an attached signed agreement, and that the recipient needed to review the document to learn exactly what the issue was.

Once the victim opened the document and enabled its content, the malicious macro was executed. It downloaded and installed the Emotet malware on the computer, which, in turn, installed the TrickBot trojan.
