Threat Awareness – Emotet’s Slow Resurgence

Since November of last year, the infamous Emotet malware has slowly resurged in the wild, currently infecting more than 130,000 systems in 179 countries. Emotet activity ceased in January 2021, after law enforcement agencies took down its server infrastructure. However, the malware returned late last year with the help of Trickbot and Conti ransomware threat actors, which WaterISAC previously reported on. Since January 2022, Emotet infections have greatly increased mostly via phishing campaigns. Security researchers at Black Lotus Labs have identified new features of Emotet. Initial Emotet infections often start with the delivery of the Cobalt Strike tool. Black Lotus researchers note there are now around 200 unique command-and-control servers supporting Emotet’s activities. Members are encouraged to patch the latest Windows updates and carefully scrutinize suspicious emails to defend against this threat. Read more at BleepingComputer.