"Hundreds of Thousands of Emotet Attacks Spotted Daily After Four-Month Hiatus"

After a four-month hiatus, the cybercriminals running the Emotet botnet operation are once again among the highest-volume threat actors in the current cybersecurity landscape. According to Proofpoint, detections of Emotet payloads dropped off in July 2022 but reemerged in early November, and the botnet is now serving as a primary facilitator for the delivery of major malware strains. Emotet previously resumed operations in November 2021, less than a year after a law enforcement operation shut down its original infrastructure, which had been targeting businesses with malware for years. Proofpoint says it has been blocking hundreds of thousands of Emotet-related emails every day, making this one of the most extensive email threat campaigns. Following its historical patterns, Emotet has continued to evolve its behavior, including changes in lures, in the malware's binary, and in the other malware dropped through successful campaigns. Palo Alto Networks' Unit 42 team discovered that both the IcedID and Bumblebee malware strains were dropped onto a victim's machine in a single Emotet infection. The IcedID strain currently spreading via Emotet is a more recent version with different commands and a new loader, which could indicate a change in ownership or a new relationship between the criminals running IcedID and those behind Emotet. Since 2021, when it was observed distributing The Trick and Qbot, Emotet has not demonstrated full functionality and consistent delivery of a follow-on payload other than Cobalt Strike. The return of TA542 coinciding with the delivery of IcedID is concerning, as IcedID has previously been identified as a follow-on payload to Emotet infections, often leading to ransomware. IcedID can retrieve desktop information, running processes, and system information, among other things, and it can also use its command-and-control (C2) infrastructure to read and exfiltrate files. This article continues to discuss the impact of Emotet following its hiatus.

ITPro reports "Hundreds of Thousands of Emotet Attacks Spotted Daily After Four-Month Hiatus"