France, Japan, and New Zealand warn of a surgein Emotet attacks

Cybersecurity agencies from multiple countries are warning of the surge of Emotet attacks targeting the private sector and public administration entities.

Cybersecurity agencies across Asia and Europe are warning of Emotet spam campaigns targeting businesses in France, Japan, and New Zealand.

The French national cyber-security agency published an alert to warn of a significant increase of Emotet attacks targeting the private sector and public administration entities in France.

The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign

Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.

Emotet malware is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

According to the French national cyber-security agency, the number of Emotet attacks increased for several days, and the attacks are targeting almost any business sector.

“For several days, ANSSI has observed the targeting of French companies and administrations by the Emotet malware,” reads the alert issued by the ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information).

“Special attention should be paid to this because Emotet is now used to deploy other malicious code that may have a strong impact on the activity of victims.”

New Zealand’s Computer Emergency Response Team (CERT) also published a security alert warning of spam campaigns spreading the Emotet threat.

“CERT NZ is aware of increased Emotet activity affecting New Zealand organisations.” reads the alert published by the New Zealand CERT.

“The emails contain malicious attachments or links that the receiver is encouraged to download. These links and attachments may look like genuine invoices, financial documents, shipping information, resumes, scanned documents, or information on COVID-19, but they are fake.”

Japan’s CERT (JPCERT/CC) also issued an alert to warn of a rapid increase in the number of domestic domain (.jp) email addresses that have been infected with the infamous malware and that can be employed in further spam campaigns.

“Since September 2020, JPCERT/CC has confirmed a sharp increase in the number of domestic domain (.jp) email addresses that can be infected with the malware Emotet and used to send spam emails that attempt to spread the infection.” reads the alert. “In addition, the number of consultations regarding Emotet infections is increasing, and we understand the situation where Emotet infections are spreading.”

JPCERT/CC has posted FAQ information on the JPCERT/CC Eyes blog and a tool dubbed EmoCheck that can be used to check for the malware infection on a computer.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]