Threat Awareness – Emotet Continues to Adapt and Evade

Yesterday, VMware’s Threat Analysis Unit published a detailed report on the infamous Emotet malware using data gathered from attacks since January 2022. The study’s key findings include that Emotet’s attack patterns are constantly evolving, the malware is modular and can serve a number of attack purposes, Emotet authors are hiding their command and control (C2) infrastructure, and the infrastructure is always shifting. WaterISAC tracks Emotet’s evolving attack chain and continues to report on its changing tactics, including in April and June. As a reminder, Emotet typically propagates via email phishing campaigns and often hijacks email threads. After being infected with Emotet, threat actors can use the infected device to further propagate Emotet or load other third-party malware such as ransomware. Since Emotet spreads primarily via email, one of the best prevention methods is to regularly remind users to be extra vigilant for suspicious emails. Access the full report at VMware or read a relevant article at Darkreading.