Skip to content
  • Home
  • RESOURCES
  • LEARN
  • About MSoS

Making Sense of Security

Securing your Digital World.

  • LATEST
  • RESOURCES
  • COURSES
  • ABOUT MSOS
Making Sense of Security

Emotet Used Phishing Emails to Target the United Nations

The Emotet trojan recently leveraged a phishing campaign to target email addresses associated with users at the United Nations.

In an email provided by Cofense to Bleeping Computer, Emotet’s handlers pretended to be representatives of Norway to the United Nations (UN). They used this disguise to conduct a phishing campaign with “highly specific targeting.” In total, they sent emails to approximately 600 UN email addresses.

The attack emails claimed that Norway’s representatives to the United Nations in New York had discovered a problem with a signed agreement. They then instructed recipients to review the issue by opening an attached Microsoft Word document.

Hi,

Please be advised that the new problem has been appeared today.
See below our info for this question.

Please let me know if you need anything else.

Regards

Permanent Mission of Norway to the United Nations in New York

If they didn’t catch the email’s awkward wording or grammar errors and opened its attachment, the recipient saw the same generic Word document template used by Emotet in all of its campaigns. This template instructed users to click on the “Enable editing” or “Enable Content” button. If they did so, the document’s malicious macros then executed and loaded Emotet on the recipient’s computer.

Upon successful infection, Emotet is capable of loading other threats such as Trickbot. That’s exactly what happened to Lake City, Florida back in the summer of 2019. In that attack, Emotet loaded Trickbot, malware which then deployed Ryuk on the municipality’s network.

Lake City ultimately agreed to meet the attackers’ demands of $460,000. Even so, the municipality ultimately fired its IT director shortly after paying the ransom.

The campaign targeting the United Nations highlights the need for organizations to defend themselves against phishing attacks. They can do so by educating their employees about some of the most common types of phishing campaigns in circulation today.

View Original Source Article HERE

Security

Post navigation

Peekaboo Moments baby-recording app has a bad database booboo
Why corporate boards are unprepared to handle cybersecurity risks

Recent Posts

  • Cybersecurity CEO: Identity Is A Beast, And The Foundation Of Security
  • Digital Defense Offers $1 Million In Free Ransomware Assessments To Aid Healthcare Providers
  • Cybercrime Bytes: Women In Cyber Up, Skills Gap Down, Undergrads Vs. Cyberscams
  • US Government Exposes North Korean Malware
  • Beware Of GetYourStimulusCheck.com And Other Coronavirus-Themed Domains

Securing Your WordPress Site Course

Bullguard

Making Sense of Security Some rights reserved.

Privacy Policy | Terms and Conditions | EULA

 

WordPress Di Blog Theme

en English
af Afrikaanssq Albanianar Arabicbs Bosnianbg Bulgarianzh-CN Chinese (Simplified)hr Croatianda Danishnl Dutchen Englishet Estoniantl Filipinofi Finnishfr Frenchgl Galicianka Georgiande Germanel Greekht Haitian Creolehaw Hawaiianiw Hebrewhi Hindihu Hungarianis Icelandicid Indonesianga Irishit Italianja Japaneseko Koreanku Kurdish (Kurmanji)lo Laola Latinlv Latvianlt Lithuanianlb Luxembourgishmt Maltesemn Mongolianne Nepalino Norwegianfa Persianpl Polishpt Portuguesero Romanianru Russiansm Samoangd Scottish Gaelicsr Serbiansk Slovaksl Slovenianes Spanishsv Swedishth Thaitr Turkishvi Vietnamesecy Welshyi Yiddish