Wednesday, May 22, 2024

CISA Warns of Emotet Malware Attacks Targeting Government Entities Via Weaponized Word Documents

CISA has observed a significant increase in Emotet malware attacks that steal login credentials from various browsers, email clients, and applications.

The malware was first observed in mid-2014 as a banking Trojan; it has since become one of the most notorious email-based malware families, offering botnet-driven spam campaigns and ransomware deployment as a service.

Earlier this year, authorities from France, Japan, and New Zealand observed a sudden spike in Emotet infections targeting several companies and government administrations.

CISA Alert

CISA released an alert stating that Emotet attacks resurged in July 2020, with the agency seeing a “significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails.”

Emotet is an advanced Trojan distributed via phishing email attachments; once the attachment is opened, it spreads through the network by brute-forcing user credentials and writing to shared drives.

Its worm-like capabilities enable network-wide infections, and it uses modular Dynamic Link Libraries (DLLs) to continuously update its capabilities.

“Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity.”

In these campaigns, Emotet used malicious Word documents attached to phishing emails as the initial infection vector, and communication with the C&C server is handled via HTTP POST requests.

Communication with the C&C server occurs mostly over ports 80, 8080, and 443, and in some cases over port 445. CISA warned users to stay alert, as this notorious malware may resurface at any time.
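As an added illustration (not part of the CISA alert or this article), the following Python sketch turns those port observations into a simple egress-log check: it flags SMB (445) leaving the LAN and HTTP POSTs to external hosts on 8080, while deliberately not flagging 80/443 on port alone. The log format, the sample addresses, and the assumption that only RFC 1918 space counts as internal are this example's own.

```python
import ipaddress

# Constructed sample egress log lines (not from the article): timestamp, source IP,
# destination IP, destination port, HTTP method ("-" for non-HTTP traffic such as SMB).
SAMPLE_LOG = """\
2020-10-06T10:01:02Z 10.0.5.21 93.184.216.34 443 GET
2020-10-06T10:01:09Z 10.0.5.21 203.0.113.45 8080 POST
2020-10-06T10:01:15Z 10.0.5.21 203.0.113.45 8080 POST
2020-10-06T10:02:30Z 10.0.5.33 10.0.5.40 445 -
2020-10-06T10:02:41Z 10.0.5.33 198.51.100.7 445 -
2020-10-06T10:03:00Z 10.0.5.50 93.184.216.34 80 POST
"""

# Assumption: only RFC 1918 space is "inside"; every other address is treated as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def flag_c2_candidates(log_text: str) -> list[dict]:
    """Return one record per log line that matches a C2-shaped pattern.

    Heuristics (ports taken from the CISA alert; the rules themselves are this example's own):
      * any connection to port 445 on an external host: SMB should never leave the LAN
      * HTTP POST to an external host on 8080: uncommon for legitimate clients
    Ports 80 and 443 are not flagged on port alone; they need indicator or content
    matching, otherwise the rule drowns in ordinary web traffic.
    """
    flagged = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, method = line.split()
        port = int(port)
        if is_internal(dst):
            continue  # lateral SMB inside the LAN is handled by other controls
        if port == 445:
            reason = "SMB to external host"
        elif port == 8080 and method == "POST":
            reason = "HTTP POST to external host on 8080"
        else:
            continue
        flagged.append({"ts": ts, "src": src, "dst": dst, "port": port, "reason": reason})
    return flagged


if __name__ == "__main__":
    for hit in flag_c2_candidates(SAMPLE_LOG):
        print(hit)
```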

Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.