Emotet botnet shows new signs of activity


Is the sleeper waking up again? As reported by Bleeping Computer, cybersecurity firm Cofense observed a resumption of Emotet botnet activity last Tuesday. It had been about three months since this malicious network had given any sign of life.

Malicious e-mails sent from the network were indeed detected at the beginning of the week. These fake invoice reminders carried an attached archive containing an Office document with malicious macros. It is a risky technique, since Microsoft resumed rolling out a feature that blocks untrusted macros in the summer of 2022.

Opening the files triggered the download and execution of a file linked to Emotet. To evade antivirus detection, the transmitted archives are inflated, weighing in at more than 500 megabytes.
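As an added example, not code from the article or from Cofense: a defender-side check that flags attachments which are both very large and made up mostly of a single byte value, the pattern one expects from the size inflation described above. The 100 MiB size threshold, the 90% padding ratio and the choice of null bytes as padding are assumptions for illustration, not figures from the report.

```python
import io
from collections import Counter

# Thresholds are assumptions for illustration, not figures from the article
# (which only reports attachments of more than 500 MB).
MIN_SUSPECT_SIZE = 100 * 1024 * 1024   # 100 MiB
PADDING_RATIO = 0.90                   # share of one byte value that counts as padding
SAMPLE_CHUNKS = 16
CHUNK_SIZE = 64 * 1024

def dominant_byte_ratio(data: bytes) -> float:
    """Fraction of `data` occupied by its single most common byte value."""
    if not data:
        return 0.0
    count = Counter(data).most_common(1)[0][1]
    return count / len(data)

def sampled_padding_ratio(fobj, size: int) -> float:
    """Estimate the padding ratio from evenly spaced chunks, so a
    multi-hundred-megabyte attachment is never loaded into memory in full."""
    if size <= CHUNK_SIZE * SAMPLE_CHUNKS:
        fobj.seek(0)
        return dominant_byte_ratio(fobj.read())
    step = size // SAMPLE_CHUNKS
    sample = bytearray()
    for i in range(SAMPLE_CHUNKS):
        fobj.seek(i * step)
        sample += fobj.read(CHUNK_SIZE)
    return dominant_byte_ratio(bytes(sample))

def looks_inflated(fobj, size: int, min_size: int = MIN_SUSPECT_SIZE,
                   ratio: float = PADDING_RATIO) -> bool:
    """True when a file is over the size threshold AND mostly one byte value."""
    return size >= min_size and sampled_padding_ratio(fobj, size) >= ratio

# Constructed samples (not real Emotet artefacts): a zip-like header plus a little
# content followed by megabytes of null padding, versus a file of varied content.
PADDED = b"PK\x03\x04" + b"sample.docx content" * 50 + b"\x00" * (2 * 1024 * 1024)
NORMAL = bytes(range(256)) * (8 * 1024)

def check(data: bytes, min_size: int = MIN_SUSPECT_SIZE) -> bool:
    """Run the check on an in-memory attachment body."""
    return looks_inflated(io.BytesIO(data), len(data), min_size=min_size)

if __name__ == "__main__":
    print("padded sample flagged:", check(PADDED, min_size=1024 * 1024))
    print("normal sample flagged:", check(NORMAL, min_size=1024 * 1024))
```

On a mail gateway the same check would read the attachment from disk with the default 100 MiB threshold; the lowered threshold in the demo only keeps the constructed samples small.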

Low sending volume

However, as Cofense points out to Bleeping Computer, the sending volume of these malicious e-mails remains low. According to the company, the hackers behind the botnet are still in an intelligence-gathering phase, seeking out new victims to target.

First detected in 2014, the Emotet banking Trojan had become one of the top cyber threats. This malicious program evolved into one of the Swiss army knives of cybercriminals, enabling the distribution of other malware, as Anssi noted in a 2020 report.

This key role as a precursor to other attacks made it a priority target for cybersecurity specialists, and successfully so: Europol announced its dismantling in January 2021 after taking control of its infrastructure. US justice authorities then reported the extent of the threat: 1.6 million IP addresses of infected machines in one year. Still, despite this major operation, the botnet has regularly been in the news since, a sign that developers are still at work behind the malware.
