Emotet Spoofs DNC in New Attack Campaign
Thousands of Emotet emails contain a message body pulled directly from the Democratic National Committee website, researchers report.
A new Emotet attack campaign impersonates the Democratic National Committee (DNC) to convince victims to open a malicious document containing macros to download and install the malware.
Emotet reappeared on the threat landscape this summer following a brief hiatus in early 2020. Since its return, security researchers tracking the threat report attackers have adopted new tactics, including defense evasion techniques that help them bypass endpoint detection tools.
Proofpoint researchers say TA542, the attacker behind Emotet, has historically sent messages to state and local government recipients but has not used political lures. This changed on Oct. 1, when they saw thousands of Emotet emails with the subject line "Team Blue Take Action" sent to hundreds of organizations based in the US. The message body was pulled directly from a page on the DNC website with the addition of a line asking the target to open an attached file.
This file is a Word document, also titled "Team Blue Take Action," which contains macros that, if enabled, will download and install Emotet, the research team explains in a blog post. The current second-stage payload is Qbot "partner01" and The Trick "morXXX," with the X standing for a number -- for example, "mor125."
Researchers noticed additional related subjects including Valanters 2020, Detailed information, List of works, Volunteer, and Information. Additional related file names include Team Blue Take Action.doc, List of works.doc, Valanters 2020.doc, Detailed information.doc, and Volunteer.doc.
It's unlikely Emotet's political messaging is driven by a particular political ideology, researchers report. The attackers' adoption of political lures arrived shortly after the first 2020 presidential debate and weeks ahead of the presidential election. Researchers say it's more likely TA542 is leveraging a popular topic to reach as many victims as possible.
Read the full blog post for more details.
About the Author
You May Also Like
Transform Your Security Operations And Move Beyond Legacy SIEM
Nov 6, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024Securing Tomorrow, Today: How to Navigate Zero Trust
Nov 13, 2024The State of Attack Surface Management (ASM), Featuring Forrester
Nov 15, 2024Applying the Principle of Least Privilege to the Cloud
Nov 18, 2024