For HomeFor BusinessFor Partners
Industry News
2 min read

Emotet strikes again, targeting 600 United Nations personnel

Alina BÎZGĂ

January 16, 2020

Promo Protect all your devices, without slowing them down.
Free 30-day trial
Emotet strikes again, targeting 600 United Nations personnel

The Emotet Trojan, identified by security teams in 2014, started out as banking malware meant to steal sensitive data. Initially focused on the financial sectors, the malware later morphed, adding spamming and malware delivery services.

Emotet”s latest phishing campaign targets 600 United Nations staffers and officials using Norway”s diplomatic presence in New York as bait.

Impersonating the Permanent Mission to the United Nations in New York, the attackers sent a phishing email stating that the Norwegian representatives have found a problem, with an agreement named “Doc_01_13” also attached.

You can read the full text of the Emotet phishing email below:

“Hi,

Please be advised that the new problem has been appeared today.

See below our info for this question.

Please let me know if you need anything else.

Regards

Permanent Mission of Norway to the United Nations in New York”

Similarities between previous Emotet attacks are clearly present in this new attack boasting recycled templates with poor grammar and documents of “high importance”.

So what happens if a recipient tries to open the malicious document?

Readers are warned the “document only available for desktop or laptop versions of Microsoft Office Word”, and are prompted to click on either the ‘Enable Editing’ or ‘Enable Content’ button to view the document.

Enabling the content immediately downloads and installs Emotet on the workstation. More concerning is that the malware will install other second-stage payloads including TrickBot Trojan, which gathers sensitive data such as login credentials, files and cookies. An attack like this poses a critical security risk and can fully compromise the network. Moreover, TrickBot paves the way for Ryuk, a type of ransomware that, if deployed, starts encrypting all data, rendering file recovery impossible without paying a ransom to the cybercriminals.

Seems like threat actors are stepping up their game in 2020, aiming for more and more government organizations and high-level targets. While proper training on spotting phishing emails can help, it’s important for organizations to have email security solutions that are able to both flag spearphishing attacks and detonate potentially malicious attachments in sandboxed environments, before reaching the employee’s endpoint.

tags

Industry News

Author

Alina BÎZGĂ

Alina BÎZGĂ

Alina is a history buff passionate about cybersecurity and anything sci-fi, advocating Bitdefender technologies and solutions. She spends most of her time between her two feline friends and traveling.

View all posts

Right now Top posts

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide
Scam Spam

Spam trends of the week: Crypto giveaways, false prophets, Fintech phishing scams and more hit user inboxes worldwide

April 19, 2024

5 min read
Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond
Scam How to Tips and Tricks

Start Cyber Resilience and Don’t Be an April Fool This Spring and Beyond

April 01, 2024

2 min read
Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts
Spam Industry News Threats

Spam trends of the week: Cybercrooks phish for QuickBooks, American Express and banking accounts

November 28, 2023

4 min read
Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting
Protecting Your Important How to Tips and Tricks

Protecting your important: Stick to these 8 cybersecurity tips for safe Black Friday and Cyber Monday deal hunting

November 08, 2023

4 min read

FOLLOW US ON SOCIAL MEDIA

You might also like

How to keep your Android device immune to malicious vaccine themed apps
Archive

How to keep your Android device immune to malicious vaccine themed apps
Cristina POPOV

April 22, 2021

2 min read
Facebook Takes Down Two Hacking Groups Operating out of Palestine
Archive Industry News

Facebook Takes Down Two Hacking Groups Operating out of Palestine
Silviu STAHIE

April 22, 2021

2 min read
Ransomware attack causes supermarket cheese shortage in the Netherlands
Archive

Ransomware attack causes supermarket cheese shortage in the Netherlands
Graham CLULEY

April 13, 2021

2 min read

Bookmarks

loader