The operators behind the notorious Emotet malware have taken aim at United Nations personnel in a targeted attack ultimately bent on delivering the TrickBot trojan. According to researchers at Cofense, a concerted phishing campaign has been using emails purporting to be from the Permanent Mission of Norway, which maintains the Scandinavian country’s diplomatic presence in New York. The emails were sent to 600 staffers and officials across the U.N., claiming that there was a problem with a supposed “signed agreement” attached to the mails. The endgame, however, was to steal login credentials.

According to a report confirmed by Threatpost with Cofense, if a victim opened the document, a pop-up warning appeared saying, “document only available for desktop or laptop versions of Microsoft Office Word.” Users were then prompted to click a button to “enable content,” which, if clicked, actually enabled malicious Word macros. In turn, these downloaded and installed Emotet, which would then run in the background.

Emotet started life as a banking trojan in 2014 and has continually evolved to become a full-service threat-delivery mechanism. It can install a collection of malware on victim machines, including information stealers, email harvesters, self-propagation mechanisms and ransomware. In the case of the U.N. attacks, Emotet was seen attempting to send out spam emails to additional victims and download second-stage malicious payloads, including the TrickBot trojan, which can…
U.N. Weathers Storm of Emotet-TrickBot Malware (govanguard, 2020-01-15 13:57:00)