"New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks"

According to new VMware research, threat actors associated with the notorious Emotet malware are constantly shifting their tactics and command-and-control (C2) infrastructure to avoid detection. Emotet is the work of a threat actor known as Mummy Spider, also tracked as TA542. It first appeared in June 2014 as a banking Trojan before evolving in 2016 into an all-purpose loader capable of delivering second-stage payloads such as ransomware. Although the botnet's infrastructure was taken down in January 2021 as part of a coordinated law enforcement operation, Emotet reappeared in November 2021 via another malware family known as TrickBot. Emotet's resurrection, orchestrated by the now-defunct Conti team, paved the way for Cobalt Strike infections and, more recently, Quantum and BlackCat ransomware attacks. This article discusses the findings on Emotet's delivery and evasion techniques.

THN reports "New Report Uncovers Emotet's Delivery and Evasion Techniques Used in Recent Attacks"

 
