FBI FLASH: Increased Number of Emotet Command and Control IP Addresses Identified

The FBI has released a FLASH message on Emotet, providing new internet protocol (IP) addresses that have been associated with modular banking Trojan since it recently resumed operations after a hiatus that began in early June (for more on Emotet’s revival, read an article WaterISAC discussed in the August 27, 2019 Security and Resilience Update). The FBI recommends system administrators immediately block these IP addresses to prevent Emotet from exploiting their systems.

Please note the IP addresses are included in the second document listed below, the Excel document.

WaterISAC also encourages members to review the FLASH message and use the information to detect and block Emotet activity, especially given that this malware has been observed in attacks, some successful, against the water and wastewater sector. These include incidents involving the Onslow Water and Sewer Authority (originally discussed in the October 16, 2018 Security and Resilience Update) and the Brick Township Municipal Utilities Authority (discussed during the March 2019 Cyber Threat Briefing).