Alert to all businesses and administrations: the Emotet Trojan is once again raging in France. ANSSI, the French cybersecurity agency, has just published a bulletin warning organizations of the upsurge in this particularly harmful malware since last July.
Operated by the hacker group Mummy Spider, also known as TA452, it often arrives through a phishing attack. It can then steal passwords, contacts and e-mails, move undetected within a local network and, above all, drop various payloads, depending on the customer of the moment. In 2020, these are mainly Qbot and Trickbot, banking Trojans that are sometimes coupled with ransomware.
One of the characteristics of the recent attacks observed in France is the hijacking of email threads (“email thread hijacking”), a particularly formidable technique. As soon as Emotet has access to a mailbox, it exfiltrates its contents, which allows the hackers to forge fake emails in the form of a reply to a chain of emails exchanged between the employee and his colleagues or partners. The goal is, of course, to recover sensitive information or infect other mailboxes.
Source: ANSSI