Emotet campaign picks up steam again

B2B Cyber ​​Security ShortNews

Share post

TA542, a cybercriminal group that distributes Emotet malware, has ended its summer break and is launching more and more new campaigns. However, also with modified Emotet variants.

Group TA542 was absent for almost four months and was last seen in action in the summer of July 13, 2022. Since November 2, Proofpoint's security specialists have been monitoring new activities by TA542 - especially in Germany.

Key takeaways on the Emotet campaigns

  • TA542 uses customized Emotet variants in the new campaigns. The changes (see below) affect the payloads and bait used as well as changes to the Emotet modules, the loader and the packer.
  • Emotet now also delivers the banking Trojan IcedID.
  • The new activities indicate that Emotet is regaining its full functionality as a distribution network for various strains of malware.
  • The botnet has some key differences from previous campaigns. This indicates that new operators or new management are involved.
  • TA542's email campaigns are among the cybercrime leaders in terms of email volume. Proofpoint has already blocked hundreds of thousands of messages per day.
  • The Excel file containing the malware includes instructions for potential victims to copy the file to a Microsoft Office template location and run it from there. Administrator rights are required for this. This applies more to private computers than to company computers.

The main innovations of Emotet

  • New visual decoys for Excel attachments
  • Changes to the Emotet binary
  • Emotet uses a new version of the IcedID loader
  • In addition to IcedID, the malware downloader Bumblebee is used

Proofpoint's cybersecurity experts anticipate that TA542 will continue to adapt their method, with the potential for higher email volumes, more targeted regions, and new variants or techniques of attached or linked malware. The changes that have already been made to the Emotet binary suggest that the cyber criminals will continue to customize it as well.

Emotet: Experts expect strong rise

Everything indicates that Emotet will regain its full functionality as a distribution network for many major malware families. What is particularly interesting is that Emotet is evolving. We've been watching it for years and there's no sign of it ceasing operations. It keeps dying and reviving like a cat with more than nine lives.

More at Proofpoint.com

 


About Proofpoint

Proofpoint, Inc. is a leading cybersecurity company. The focus for Proofpoint is the protection of employees. Because these mean the greatest capital for a company, but also the greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.


 

Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more