Emotet attacks back from break

Tuesday, Jul 28, 2020

For the first time since the beginning of February 2020, waves of attack from the botnet Emotet again. Initially, the targets were primarily in the United States and the United Kingdom. The nature of the attacks has not changed since the numerous attacks in 2019. Recipients will receive word documents or links to them by e-mail, asking them to open them. If macros are allowed on the target computer, this activates the infected macros contained in the document, which are then installed automatically by Emotet.

According to estimates by IT security expert Sherrod DeGrippo, around 80,000 such emails had been sent by the evening of July 17, ZDNet reports. According to experts, the reports on all three known Emotet clusters - Epoch 1, 2 and 3 - are traceable. In the run-up to the new wave, observers had only discovered smaller test runs, according to Bleeping Computer. However, these emails would have contained outdated links or files with broken URLs.

Intentions are still unknown

The five-month interruption of almost all activities is the second long break in the bot network. Already between May and September 2019, observers saw no attacks. Initially, it was suspected that the network would be smashed unnoticed, which turned out to be a misconception in mid-September 2019. Accordingly, it is unclear what led to the new break. Last March, some cybercrime gangs simply said they would not attack hospitals as a result of the corona pandemic.

Source: https://www.heise.de/news/Emotet-Erste-Angriffswelle-nach-fuenfmonatiger-Pause-4847070.html

Contact

 Düsseldorfer Str. 75
 10719 Berlin, Germany
 +49 30 551 25 188
 +49 30 915 03 934
moc.tcennoc-ekons@liam