Threat Awareness – Emotet Returns After Four Month Break

BleepingComputer has reported on the Emotet botnet’s reawakening after its typical hiatus. Researchers from Cryptolaemus first observed the notorious botnet’s return after a four month break. According to the group, the most recent campaigns are utilizing stolen email reply chains to distribute a malicious Excel attachment that will download the malware. One difference from prior campaigns is the inclusion of additional instructions in the Excel file informing the victim to bypass certain Windows protections, notably an attempt to bypass Microsoft’s blocking of macros by default for attachments received from outside the recipient’s organization. It also appears that Emotet is holding back a little at the moment, as researchers have not yet observed this recent campaign dropping any additional malware, as has become standard behavior with everybody’s email enemy. WaterISAC continues to track Emotet’s evolving attack chain and report on its changing tactics, including in April and June. Members are encouraged to keep abreast of Emotet activity and follow recommended guidance to protect against this everlasting adversary. Read more at BleepingComputer.