A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet.
A global operation of law enforcement, lead by Europol, has dismantled the infrastructure of the infamous Emotet botnet.
The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign
Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.
The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).
Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.
At the end of 2020, a large-scale Emotet campaign hit Lithuania, the malware infected the networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities.
“Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action.” reads the announcement published by Europol. “This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).”
According to Europol, Emotet’s infrastructure was composed of several hundreds of servers worldwide having different functionalities. The C2 infrastructure allowed operators to manage infected systems that were involved in malware distributions and in the provisioning of malicious services to criminal groups.
Law enforcement agencies and judicial authorities took control of the infrastructure from the inside, and bots are now redirected to the C2 infrastructure under the control of law enforcement.
The Dutch National Police’s as part of the criminal investigation discovered a database containing email addresses, usernames, and passwords stolen by the bots. You can check if your email address is included in the database here.
“As part of the global remediation strategy, in order to initiate the notification of those affected and the cleaning up of the systems, information was distributed worldwide via the network of so-called Computer Emergency Response Teams (CERTs),” continues the press release.
The National Police of Ukraine published a video showing a house search performed by its agents that seized computers, hard drives, and large amounts of money along with gold bars.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Emotet)
Share On
Pierluigi Paganini
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at “Cyber Defense Magazine”, Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog “Security Affairs” recently named a Top National Security Resource for US. Pierluigi is a member of the “The Hacker News” team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books “The Deep Dark Web” and “Digital Virtual Currency and Bitcoin”.
A global operation of law enforcement has dismantled the infrastructure of the infamous Emotet botnet.
A global operation of law enforcement, lead by Europol, has dismantled the infrastructure of the infamous Emotet botnet.
The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign
Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.
The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).
Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.
At the end of 2020, a large-scale Emotet campaign hit Lithuania, the malware infected the networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities.
“Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action.” reads the announcement published by Europol. “This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).”
According to Europol, Emotet’s infrastructure was composed of several hundreds of servers worldwide having different functionalities. The C2 infrastructure allowed operators to manage infected systems that were involved in malware distributions and in the provisioning of malicious services to criminal groups.
Law enforcement agencies and judicial authorities took control of the infrastructure from the inside, and bots are now redirected to the C2 infrastructure under the control of law enforcement.
The Dutch National Police’s as part of the criminal investigation discovered a database containing email addresses, usernames, and passwords stolen by the bots. You can check if your email address is included in the database here.
“As part of the global remediation strategy, in order to initiate the notification of those affected and the cleaning up of the systems, information was distributed worldwide via the network of so-called Computer Emergency Response Teams (CERTs),” continues the press release.
The National Police of Ukraine published a video showing a house search performed by its agents that seized computers, hard drives, and large amounts of money along with gold bars.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Emotet)