Email Users at the United Nations were targeted with sophisticated phishing attacks by Emotet malware operators. Reports are in that the operators who developed Emotet have now devised a phishing email campaign in the name of the Permanent Mission of Norway. The hackers are seen pretending to deliver accounting forms, delivery notifications, and invoices which are malware-infected attachments to infiltrate into the computer network of the United Nations.
Ā
Technically speaking, Emotet is a banking malware Trojan which is developed to steal critical information.
Ā
A source from Bleeping Computer reported that the attack was targeted at 600 email addresses on a specific note. However, the number of victimized PCs so far is yet to be known.
Ā
Coming to the content of the email, the hackers managed to disguise the email as a true replica of Norway officials linked domain connected to a UN project who found an issue in a signed agreement and so a review is being sorted out on an immediate note through the attached word file- which is a bait to victimize the email recipient with a phishing attack.
Ā
Note 1-Ā Emotet has been deemed as one of the largest cyber threats in 2019 and has now evolved into a download segment for additional payloads.
Ā
Note 2-Ā According to a report published by Kaspersky, Emotet authors are seen selling access to the infection via an Infrastructure-as-a-service model. They were also caught renting access to infected botnet computers to Ryuk and Sodinokibi ransomware spreading gangs.
Ā
Note 3-Ā The IT staff at the United Nations has taken note of the security alert and has taken all necessary measures to isolate the malware campaign from hitting their digital infrastructure.
Ā
Note 4-Ā Once Emotet malware installs itself on a PC, it leads to the installation of other payloads such as TrickBot Trojan which harvests sensitive information from all the PCs on the network and then leads to the download of file-encrypting ransomware such as Ryuk- all action takes place in a nexus.
Ā