The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations.
In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations (UN). They used this disguise to conduct a phishing campaign with “highly specific targeting.” In total, they sent emails to approximately 600 UN email addresses.
The attack emails claimed that Norway’s representatives to the United Nations in New York had discovered a problem with a signed agreement. They then instructed recipients to review the issue by opening an attached Microsoft Word document.
Hi,
Please be advised that the new problem has been appeared today.
See below our info for this question.Please let me know if you need anything else.
Regards
Permanent Mission of Norway to the United Nations in New York
If they didn’t catch the email’s awkward wording or grammar errors and opened its attachment, the recipient saw the same generic Word document template used by Emotet in all of its campaigns. This template instructed users to click on the “Enable editing” or “Enable Content” button. If they did so, the document’s malicious macros then executed and loaded Emotet on the recipient’s computer.
Upon successful infection, Emotet is capable of loading other threats such as Trickbot. That’s exactly what happened to Lake City, Florida back in the summer of 2019. In that attack, Emotet loaded Trickbot, malware which then deployed Ryuk on the municipality’s network.
Lake City ultimately agreed to meet the attackers’ demands of $460,000. Even so, the municipality ultimately fired its IT director shortly after paying the ransom.
The campaign targeting the United Nations highlights the need for organizations to defend themselves against phishing attacks. They can do so by educating their employees about some of the most common types of phishing campaigns in circulation today.
English
Afrikaans
Albanian
Arabic
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Danish
Dutch
Estonian
Filipino
Finnish
French
Galician
Georgian
German
Greek
Haitian Creole
Hawaiian
Hebrew
Hindi
Hungarian
Icelandic
Indonesian
Irish
Italian
Japanese
Korean
Kurdish (Kurmanji)
Lao
Latin
Latvian
Lithuanian
Luxembourgish
Maltese
Mongolian
Nepali
Norwegian
Persian
Polish
Portuguese
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Vietnamese
Welsh
Yiddish