
France warns of sudden increase in Emotet attacks!

The French National Cybersecurity Agency (ANSSI) issued a warning yesterday about a surge in Emotet attacks targeting private companies and public administrations across the country. In France, public administration has three sub-sectors: central government administrations (APUC), local government administrations (APUL) and social security administrations (ASSO).

Emotet, which started out as a banking Trojan, first appeared in 2014 and has since evolved into a malware botnet operated by a threat group tracked as TA542 and Mummy Spider.


The botnet is used by its operators to drop other malware families onto infected systems, including TrickBot, which in turn is used to deploy Ryuk and Conti ransomware payloads, and the QakBot trojan.

ANSSI (Agence nationale de la sécurité des systèmes d'information) said it had observed Emotet targeting French companies and administrations for several consecutive days. ANSSI also stressed the seriousness of the situation, since Emotet is now being used to deliver other malware that can have a significant impact on victims. In addition, ANSSI pointed out that the botnet targets all business sectors worldwide, and that attacks on organizations in France have suddenly increased in recent days.


ANSSI has also published a list of steps it recommends organizations follow, both to prevent Emotet infections and to respond properly after a possible compromise of their systems:
• Tell users not to enable macros in attachments and to be wary of the e-mails they receive, and restrict macro execution.
• Restrict Internet access for all staff to a controlled "white list."
• Disconnect compromised machines from the network without deleting any data.
• Send any samples you have (.doc and .eml files) to ANSSI for analysis, so that IoCs can be identified and shared. This matters because the attacker infrastructure changes frequently, so access to recent samples is essential.

This warning follows the return of the Emotet botnet on 17 July with a massive malicious spam campaign. The e-mails pose as payment reports, invoices, job opportunities and shipping notices, and deliver malicious Word documents and spreadsheets as attachments.


According to researcher James Quinn, Emotet's previous spam activity ended on February 7, 2020; the malware then stayed "quiet" for five months and sent no spam until July. Microsoft added that since its reappearance on July 17, Emotet has kept up daily spam runs of more than 500,000 e-mails a day (except weekends), starting at 2:00 a.m. Pacific time (UTC-7).

Upon its return, Emotet began installing the TrickBot trojan on infected Windows computers, and later swapped its TrickBot payloads for QakBot. According to reports, QakBot has gone on to deliver ProLock ransomware on some of the systems initially compromised by Emotet. In addition, Emotet, which the French warning describes as a serious threat to companies, uses stolen e-mail threads to make its malicious messages look authentic: it inserts malicious URLs or attachments into new messages that reply to existing conversations. Finally, since its return Emotet has taken first place in the top-10 list of malware analyzed on the interactive malware analysis platform Any.Run.
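Two of the points above lend themselves to a small triage script: ANSSI's request that organizations keep .doc and .eml samples for analysis, and Emotet's habit of injecting a macro-bearing attachment into a hijacked e-mail thread. The following is an added example, not code from the article, from ANSSI or from any of the vendors named; it parses .eml files, flags Office attachments that carry a VBA project, and flags "RE:"/"FW:" messages that arrive without any threading headers. The two mail samples, the sender and recipient addresses and the vbaProject.bin stub are constructed for the demonstration, and the OLE2 check is a name-based heuristic rather than a real compound-file parser (olevba from oletools is the proper tool for that).

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Attachment types Emotet's 2020 campaigns used (Word documents and spreadsheets).
OFFICE_EXTENSIONS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx")
# Reply/forward subject prefixes in English, German and French.
REPLY_PREFIXES = ("re:", "fw:", "fwd:", "aw:", "wg:", "tr:")

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML .docx/.docm/.xlsx/.xlsm (zip)


def has_vba(payload: bytes) -> bool:
    """Heuristic: does this Office file carry a VBA project?
    OOXML files are zip archives; a macro-enabled one contains vbaProject.bin.
    OLE2 files store directory entry names as UTF-16LE, so the presence of the
    '_VBA_PROJECT' or 'Macros' names is a cheap indicator (not a full parse)."""
    if payload.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False
    if payload.startswith(OLE_MAGIC):
        return any(name.encode("utf-16-le") in payload for name in ("_VBA_PROJECT", "Macros"))
    return False


def looks_like_hijacked_reply(msg) -> bool:
    """A 'RE:'/'FW:' subject with no In-Reply-To and no References header is a red flag:
    a genuine reply from a mail client carries threading headers, while Emotet reuses a
    stolen subject but sends the message fresh from another compromised mailbox."""
    subject = (msg.get("Subject") or "").strip().lower()
    is_reply = subject.startswith(REPLY_PREFIXES)
    has_thread_headers = bool(msg.get("In-Reply-To") or msg.get("References"))
    return is_reply and not has_thread_headers


def triage(eml_bytes: bytes) -> dict:
    """Parse one .eml and report macro-bearing Office attachments and thread anomalies."""
    msg = BytesParser(policy=policy.default).parsebytes(eml_bytes)
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(OFFICE_EXTENSIONS):
            continue
        payload = part.get_payload(decode=True) or b""
        attachments.append({"filename": name, "has_vba": has_vba(payload)})
    hijacked = looks_like_hijacked_reply(msg)
    macro_doc = any(a["has_vba"] for a in attachments)
    return {
        "subject": msg.get("Subject", ""),
        "reply_without_thread_headers": hijacked,
        "attachments": attachments,
        # Worth isolating the host and forwarding the sample when either signal fires.
        "suspicious": macro_doc or (hijacked and bool(attachments)),
    }


# ---- constructed samples (not real captures) --------------------------------
def _ooxml(with_vba: bool) -> bytes:
    """Build a minimal OOXML document; with_vba adds a stub vbaProject.bin entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b" constructed stub, no real macro")
    return buf.getvalue()


def _eml(subject: str, filename: str, doc: bytes, in_reply_to=None) -> bytes:
    msg = EmailMessage()
    msg["From"] = "colleague@example.com"      # assumed address
    msg["To"] = "finance@example.org"          # assumed address
    msg["Subject"] = subject
    if in_reply_to:
        msg["In-Reply-To"] = in_reply_to
    msg.set_content("Please see the attached document.")
    msg.add_attachment(doc, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()


# Emotet-style: stolen subject, no threading headers, macro-enabled Word attachment.
SUSPICIOUS_EML = _eml("RE: Invoice 2020-09", "invoice.docm", _ooxml(True))
# Benign: a real reply with In-Reply-To and a macro-free .docx.
BENIGN_EML = _eml("RE: lunch on Friday", "notes.docx", _ooxml(False), "<msg-1@example.com>")

if __name__ == "__main__":
    for label, raw in (("constructed Emotet-style mail", SUSPICIOUS_EML),
                       ("constructed benign reply", BENIGN_EML)):
        print(label, "->", triage(raw))
```

To use it on real material, read each .eml with `open(path, "rb")` and pass the bytes to `triage()`. A hit is a reason to pull the machine off the network and forward the file to ANSSI as the checklist asks; it is not proof of infection, and a miss is not proof of a clean mail, since the OLE2 check only looks for stream names and a hijacked thread can carry a URL instead of an attachment.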
