Thursday, May 22, 2025
Homecyber securityCISA Warns of Emotet Malware Attacks Targeting Government Entities Via Weaponized Word...

CISA Warns of Emotet Malware Attacks Targeting Government Entities Via Weaponized Word Documents

Published on

SIEM as a Service

Follow Us on Google News

CISA observes a significant increase in Emotet malware attacks that steals login credentials from various browsers, email clients, and applications.

The malware was first observed in mid-2014 as a banking Trojan, it is one of the most notorious email-based malware that offers several botnet-driven spam campaigns and ransomware attacks as a service.

Earlier this year authorities from France, Japan, and New Zealand observed a sudden spike with the Emotete malware infection targeting several companies and administrations.

- Advertisement - Google News

CISA Alert

CISA released an alert that Emotet attacks resurged in July 2020, they able to see a “significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails.”

Emotet is an advanced trojan that is distributed via phishing email attachments, once clicked it penetrates the network by brute-forcing user credentials and writing to shared drives.

Its worm-like capabilities enable network-wide infections, also it uses modular Dynamic Link Libraries to continuously update its capabilities.

“Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity.”

In the campaigns, Emotet used malicious word documents attached to phishing emails as initial insertion vectors, and the communication with the C&C server handled via an HTTP post request.

Communication With the C&C server occurs most over ports 80, 8080, 443, and in some cases over port 445. CISA warned users to stay safe as this notorious malware may occur anytime.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

EmoCrash – Researchers Exploited a Bug in Emotet Malware to Stop its Distribution

New Wave of Emotet Malware Hacks Wi-Fi Networks to Attack New Victims

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party...

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs...

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate...

PupkinStealer Exploits Web Browser Passwords and App Tokens to Exfiltrate Data Through Telegram

A newly identified .NET-based information-stealing malware, dubbed PupkinStealer (also known as PumpkinStealer in some...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party...

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs...

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate...