Emotet malware campaign back in action


By Dylan Bushell-Embling
Tuesday, 03 November, 2020

Cybercriminals are engaged in a sustained campaign targeting the Australian healthcare sector, according to the Australian Cyber Security Centre (ACSC).

In a threat advisory, the Australian Signals Directorate unit warned it has “identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector”.

Attackers are using the high-profile Emotet and TrickBot malware to spread ransomware variants to Australian healthcare providers.

The attack campaign is not limited to Australia, with the US Cybersecurity and Infrastructure Security Agency (CISA) recently issuing a similar cybersecurity alert.

The increase in activity targeting the health sector is similar to the activity detailed in the ACSC’s recent threat advisory warning of a resumption in the Emotet malware campaign aimed at a range of Australian targets, including critical infrastructure providers and government agencies.

Emotet is most commonly spread through malicious emails containing Microsoft Office attachments with infected macros. There have also been reports of PDF attachments containing Emotet, the ACSC said.

These macros are configured to download and install the Emotet malware when the attachment is opened. Once present on a machine, Emotet attempts to spread within a network by brute-forcing user credentials and writing to shared drives.

Emotet also often downloads a secondary piece of malware, called TrickBot, onto infected machines. TrickBot is a modular, multipurpose command-and-control tool that allows attackers to harvest emails and credentials, move laterally within a network using exploits like EternalBlue, and deploy even more malware on infected networks.

A number of Emotet/TrickBot infections have resulted in ransomware attacks. Notably, there has been a recent attack on the Victorian health sector using the Ryuk ransomware variant.
