A global operation of law enforcement, lead by Europol, has dismantled the infrastructure of the infamous Emotet botnet.
The Emotet banking trojan has been active at least since 2014, the botnet is operated by a threat actor tracked as TA542. In the middle-August, the malware was employed in fresh COVID19-themed spam campaign
Recent spam campaigns used messages with malicious Word documents, or links to them, pretending to be an invoice, shipping information, COVID-19 information, resumes, financial documents, or scanned documents.
Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities.
At the end of 2020, a large-scale Emotet campaign hit Lithuania, the malware infected the networks of Lithuania’s National Center for Public Health (NVSC) and several municipalities.
“Law enforcement and judicial authorities worldwide have this week disrupted one of most significant botnets of the past decade: EMOTET. Investigators have now taken control of its infrastructure in an international coordinated action.” reads the announcement published by Europol. “This operation is the result of a collaborative effort between authorities in the Netherlands, Germany, the United States, the United Kingdom, France, Lithuania, Canada and Ukraine, with international activity coordinated by Europol and Eurojust. This operation was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).”
According to Europol, Emotet’s infrastructure was composed of several hundreds of servers worldwide having different functionalities. The C2 infrastructure allowed operators to manage infected systems that were involved in malware distributions and in the provisioning of malicious services to criminal groups.
Law enforcement agencies and judicial authorities took control of the infrastructure from the inside, and bots are now redirected to the C2 infrastructure under the control of law enforcement.
The Dutch National Police’s as part of the criminal investigation discovered a database containing email addresses, usernames, and passwords stolen by the bots. You can check if your email address is included in the database here.
“As part of the global remediation strategy, in order to initiate the notification of those affected and the cleaning up of the systems, information was distributed worldwide via the network of so-called Computer Emergency Response Teams (CERTs),” continues the press release.
The National Police of Ukraine published a video showing a house search performed by its agents that seized computers, hard drives, and large amounts of money along with gold bars.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, Emotet)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.