Emotet malware attack on Email users at the United Nations


Email users at the United Nations were targeted with sophisticated phishing attacks by Emotet malware operators. According to reports, the operators behind Emotet have devised a phishing email campaign in the name of the Permanent Mission of Norway. The hackers pretend to deliver accounting forms, delivery notifications, and invoices, which are in fact malware-infected attachments meant to infiltrate the computer network of the United Nations.

 


Technically speaking, Emotet is a banking Trojan developed to steal critical information.

 

A source from Bleeping Computer reported that the attack specifically targeted 600 email addresses. However, the number of victimized PCs is not yet known.

 

As for the content of the email, the hackers disguised it as a genuine message from a domain linked to Norwegian officials connected to a UN project. The message claims that an issue was found in a signed agreement and that a review must be carried out immediately using the attached Word file, which is the bait used to victimize the email recipient.

 

Note 1- Emotet has been deemed one of the largest cyber threats of 2019 and has now evolved into a downloader for additional payloads.

 

Note 2- According to a report published by Kaspersky, Emotet's authors sell access to infections via an Infrastructure-as-a-Service model. They were also caught renting access to infected botnet computers to the gangs spreading Ryuk and Sodinokibi ransomware.

 

Note 3- The IT staff at the United Nations has taken note of the security alert and has taken all necessary measures to isolate the malware campaign and keep it from hitting their digital infrastructure.

 

Note 4- Once Emotet installs itself on a PC, it leads to the installation of other payloads such as the TrickBot Trojan, which harvests sensitive information from all the PCs on the network and then leads to the download of file-encrypting ransomware such as Ryuk. All of these actions take place as one linked chain.