2 min read

Emotet strikes again, targeting 600 United Nations personnel

Alina BÎZGĂ

January 16, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Emotet strikes again, targeting 600 United Nations personnel

The Emotet Trojan, identified by security teams in 2014, started out as banking malware meant to steal sensitive data. Initially focused on the financial sectors, the malware later morphed, adding spamming and malware delivery services.

Emotet”s latest phishing campaign targets 600 United Nations staffers and officials using Norway”s diplomatic presence in New York as bait.

Impersonating the Permanent Mission to the United Nations in New York, the attackers sent a phishing email stating that the Norwegian representatives have found a problem, with an agreement named “Doc_01_13” also attached.

You can read the full text of the Emotet phishing email below:

“Hi,

Please be advised that the new problem has been appeared today.

See below our info for this question.

Please let me know if you need anything else.

Regards

Permanent Mission of Norway to the United Nations in New York”

Similarities between previous Emotet attacks are clearly present in this new attack boasting recycled templates with poor grammar and documents of “high importance”.

So what happens if a recipient tries to open the malicious document?

Readers are warned the “document only available for desktop or laptop versions of Microsoft Office Word”, and are prompted to click on either the ‘Enable Editing’ or ‘Enable Content’ button to view the document.

Enabling the content immediately downloads and installs Emotet on the workstation. More concerning is that the malware will install other second-stage payloads including TrickBot Trojan, which gathers sensitive data such as login credentials, files and cookies. An attack like this poses a critical security risk and can fully compromise the network. Moreover, TrickBot paves the way for Ryuk, a type of ransomware that, if deployed, starts encrypting all data, rendering file recovery impossible without paying a ransom to the cybercriminals.

Seems like threat actors are stepping up their game in 2020, aiming for more and more government organizations and high-level targets. While proper training on spotting phishing emails can help, it’s important for organizations to have email security solutions that are able to both flag spearphishing attacks and detonate potentially malicious attachments in sandboxed environments, before reaching the employee’s endpoint.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For
Silviu STAHIE

May 19, 2022

3 min read
Researchers Find Thousands of Websites that Record Everything You Type Researchers Find Thousands of Websites that Record Everything You Type
Radu CRAHMALIUC

May 16, 2022

2 min read
Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online Ukrainian Citizen Sentenced to Prison for Brute-Forcing Credentials and Selling them Online
Silviu STAHIE

May 13, 2022

2 min read