Cybersecurity agencies from Japan, France, and New Zealand have recently published security alerts warning about a massive spike in Emotet malware attacks. The Emotet activity consists of email spam campaigns sent from the Emotet infrastructure.
The campaigns have been found targeting companies and government agencies in the three countries that published the alerts.
Organizations were targeted through employees who received the emails, opened them, and consequently ran the attached documents, which released malware into company and agency systems. This puts them at risk of infection with some of the most potent malware.
Three mini-botnets in action
Cryptolaemus is a group of security researchers who track Emotet campaigns. Joseph Roosen, a member, said that the Emotet botnet has been active in recent weeks, especially in the three countries mentioned earlier.
For instance, Roosen said that New Zealand had been targeted heavily by Emotet email operators using emails from E3 (one of the three mini-botnets that make up the entire Emotet infrastructure).
While E3 focused on New Zealand for the most part, all three mini-botnets, including E1 and E2, were targeting Japan. According to CERT Japan, the Emotet spam waves caused a tripling of reports.
France took a hit
Emotet infected computers in the Paris court system network, making headlines and causing a state of emergency among the concerned officials. The French Ministry reacted by blocking the delivery of Office documents via email.
The French cyber-security agency ANSSI followed this with an official cyber threat alert that told government officials and agencies to pay attention to emails before opening them.
Emotet infects one computer and then uses old email threads to spread. Its operators add malicious files to old conversations so that the messages look legitimate.
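A mail-gateway triage check for the pattern described above, in the spirit of the Office-document block mentioned earlier: it holds any message that both claims to continue an existing conversation and carries an Office document. This is an added example, not code from any of the agencies or researchers named; the extension list, verdict names, and sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.message import EmailMessage

# Extensions treated as Office documents (a local policy choice, not from the alerts).
OFFICE_EXTS = (".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx", ".ppt", ".pptm")

def is_reply(msg):
    """True if the message claims to continue an existing conversation."""
    if msg.get("In-Reply-To") or msg.get("References"):
        return True
    subject = (msg.get("Subject") or "").strip().lower()
    return subject.startswith(("re:", "fw:", "fwd:"))

def office_attachments(msg):
    """Return the file names of attached Office documents."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(OFFICE_EXTS):
            names.append(name)
    return names

def triage(raw):
    """Return (verdict, attachment names) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    docs = office_attachments(msg)
    if not docs:
        return ("deliver", [])
    # An Office document arriving inside an old thread is the pattern to hold.
    return ("quarantine" if is_reply(msg) else "review", docs)

def sample(subject, filename=None, in_reply_to=None):
    """Build a constructed test message; all addresses and IDs are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    if in_reply_to:
        m["In-Reply-To"] = in_reply_to
    m.set_content("See attached.")
    if filename:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("RE: Q3 invoice", "invoice.DOC", "<id-1@example.test>")))
    print(triage(sample("New price list", "prices.xlsm")))
    print(triage(sample("Re: lunch?")))
```

Because the replies come from a real, already-infected mailbox, sender reputation alone will not catch them, which is why the check keys on the thread markers plus the attachment type.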