Over the past week, cyber-security companies in France, Japan, and New Zealand have published security alerts warning of a sudden, large upsurge in Emotet malware attacks aimed at their respective countries.
The Emotet activity described in the warnings refers to email spam campaigns that originated from Emotet infrastructure and targeted companies and government agencies in the three countries.
Joseph Roosen, a member of Cryptolaemus, a group of security experts who track Emotet malware campaigns, said that the Emotet botnet has been especially active of late, and particularly aggressive in the three countries.
Roosen said that, for example, New Zealand had been heavily targeted by Emotet operators through emails originating from E3 (one of the three mini-botnets that make up the larger Emotet infrastructure).
Roosen said that, while E3 was busy spamming New Zealand, E1 and E2 were targeting Japan. According to CERT Japan, these Emotet spam waves increased last week, prompting experts to be extra cautious.
Although Japan and New Zealand have been heavily hit by spam waves, things were less severe in France, where Emotet spam waves haven't been as intense as in the other two countries.
Nevertheless, Emotet damaged computers on the network of the Paris court system, making headlines and raising alarm among French officials.
Emotet operators used their old trick of infecting one victim and then stealing older email threads. The group would then revive these old conversations, add malicious files as attachments, and target new users with a genuine-looking conversation.
In the recent campaigns that targeted France, Japan, and New Zealand, Emotet seems to have used Word documents (.doc) and password-protected ZIP archive files as the malicious email attachments.
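
A mail-filter check for the attachment pattern described above, as an added example that is not part of the original article: it flags .doc and password-protected ZIP attachments and notes when the message is a reply. The function names, the constructed sample message, and the use of reply headers as a thread signal are assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has the ZIP 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def risky_attachments(raw: bytes) -> list:
    """List .doc and password-protected ZIP attachments found in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Assumption: a reply header is used as the signal for a reused thread.
    is_reply = bool(msg["In-Reply-To"] or msg["References"])
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name.endswith(".doc"):
            findings.append(f"doc:{name}")
        elif payload.startswith(b"PK\x03\x04") and zip_is_encrypted(payload):
            findings.append(f"encrypted-zip:{name}")
    if findings and is_reply:
        findings.append("reply-thread")
    return findings


def build_sample() -> bytes:
    """Constructed message: a reply carrying a ZIP whose encrypted flag is set."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"constructed placeholder")
    data = bytearray(buf.getvalue())
    cd = data.find(b"PK\x01\x02")  # central directory file header
    data[cd + 8] |= 0x01           # general-purpose flags, bit 0 = encrypted
    msg = EmailMessage()
    msg["Subject"] = "Re: meeting notes"
    msg["In-Reply-To"] = "<constructed@example.invalid>"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(bytes(data), maintype="application",
                       subtype="zip", filename="notes.zip")
    return msg.as_bytes()
```

Because the archive contents cannot be scanned without the password, the check reads only the encryption flag in the ZIP directory, which is the same limit a gateway scanner faces.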