Emotet malware campaign is back: ACSC


By Dylan Bushell-Embling
Tuesday, 06 October, 2020



The Australian Cyber Security Centre has warned that the Emotet malware campaign targeting Australian businesses and government agencies is back in action.

In a threat advisory, the agency said it has observed “an ongoing and widespread campaign of malicious emails designed to spread the Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies”.

The campaign typically uses malicious attachments, including Microsoft Word, Excel and PDF files. These files contain macros that download and install the Emotet malware when opened.

But the ACSC has also received reports of Emotet being spread through untargeted bulk spam emails, as well as what appears to be targeted spear-phishing emails.

In addition, the agency has observed a recent increase in the Emotet malware using email thread ‘hijacking’ to spread itself.

In this tactic, the malware steals an infected victim’s email contacts and recent email threads and exfiltrates them to an actor-controlled command-and-control (C2) server. Further phishing emails carrying a malicious Emotet attachment are then sent as replies within those existing threads to contacts who are not yet infected, spoofing the infected victim’s email address.

Previous Emotet attack activity has led to ransomware attacks, such as the attack on the Victorian health sector in 2019 using the Ryuk ransomware variant.

The ACSC is urging Australian organisations at risk in this campaign to block macros from accessing the internet where possible, and to harden workstations by limiting PowerShell access where it is not required, further reducing the effectiveness of malicious macros.

Companies and agencies should also implement regular patching, conduct daily backups of critical data isolated offline, and consider adopting additional security controls including email content scanning or network segmentation.
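One way to apply the macro and workstation hardening described above on Windows endpoints, as an added example that is not part of the ACSC advisory: Microsoft Defender Attack Surface Reduction (ASR) rules that stop Office macros spawning processes or calling Win32 APIs, plus outbound firewall rules for the Office binaries. The rule GUIDs are Microsoft's documented values; the Office install path, the executable list and the `$Enforce` switch are assumptions for this example.

```powershell
# Added example (not from the ACSC advisory): Defender ASR rules plus outbound
# firewall rules for Office, applied in audit mode first so the resulting
# events can be reviewed before enforcing. Run in an elevated PowerShell
# session on a Windows 10/11 host with Microsoft Defender Antivirus active.

# ASR rule GUIDs as documented by Microsoft.
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
    '92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B' = 'Block Win32 API calls from Office macros'
    '3B576869-A4EC-4529-8536-B80A7769E899' = 'Block Office applications from creating executable content'
    '75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84' = 'Block Office applications from injecting code into other processes'
    'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550' = 'Block executable content from email client and webmail'
}

# Assumption: flip $Enforce to $true once audit events (Event ID 1122 in the
# Microsoft-Windows-Windows Defender/Operational log) show no legitimate breakage.
$Enforce = $false
$action = if ($Enforce) { 'Enabled' } else { 'AuditMode' }

foreach ($id in $asrRules.Keys) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                     -AttackSurfaceReductionRules_Actions $action
    Write-Host "ASR $action : $($asrRules[$id])"
}

# Outbound firewall block for the Office binaries, so a macro that does run
# cannot fetch a second stage itself. $officeDir is an assumption; adjust it
# to the local install (Click-to-Run uses ...\Office\root\Office16).
$officeDir = 'C:\Program Files\Microsoft Office\root\Office16'
foreach ($exe in 'WINWORD.EXE', 'EXCEL.EXE', 'POWERPNT.EXE') {
    $path = Join-Path $officeDir $exe
    if (Test-Path $path) {
        New-NetFirewallRule -DisplayName "Block outbound $exe" -Direction Outbound `
            -Program $path -Action Block -Profile Any -ErrorAction Stop | Out-Null
    }
}

# Verify what is now configured on the host.
$pref = Get-MpPreference
$pref.AttackSurfaceReductionRules_Ids
$pref.AttackSurfaceReductionRules_Actions
Get-NetFirewallRule -DisplayName 'Block outbound *' |
    Select-Object DisplayName, Enabled, Action
```

Blocking all outbound traffic from the Office executables also breaks their cloud features (online templates, OneDrive, add-ins), so in practice the firewall rules are scoped to remote addresses or replaced by a proxy allow-list; the ASR rules alone already stop the macro-to-download chain the advisory describes.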

The ACSC is also urging organisations suspecting that their environments have been compromised to report the incident to the agency.
