RSM Defense Analyst Notes: On November 2nd, 2022, Cryptolaemus researchers observed the Emotet malware operation spamming malicious emails after a nearly five-month period of little activity. The current campaign uses stolen email reply chains to distribute malicious Excel attachments. The attachments target users worldwide using various languages and file names, masquerading as invoices, scans, electronic forms, and other lures.
The campaign also introduces a new Excel attachment template that instructs the users to copy the files into the trusted ‘Templates’ folders in order to bypass Microsoft’s Protected View, even for files containing a Mark of the Web flag. When launched from the Templates folder, the attachment will open and immediately execute macros that download Emotet as a DLL.
The new infections have not begun to drop additional malware payloads on infected devices. Emotet was previously known for installing TrickBot malware, and more recently Cobalt Strike beacons, used for initial access by ransomware groups.
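A defensive check for the Templates-folder technique described in these notes, as an added example that is not part of the original notes: it flags macro-capable Office files that sit in a trusted location while still carrying a Mark of the Web. The trusted paths, the extension list and the sample records are assumptions constructed for illustration.

```python
import configparser
from fnmatch import fnmatchcase
from pathlib import PureWindowsPath

# Assumed trusted locations (not listed on the page); in practice, take them
# from each host's Office Trust Center configuration.
TRUSTED_DIRS = [
    r"C:\Program Files\Microsoft Office\root\Templates",
    r"C:\Users\*\AppData\Roaming\Microsoft\Templates",
]
MACRO_CAPABLE = {".xls", ".xlsm", ".xlsb", ".xltm", ".doc", ".docm", ".dotm"}
INTERNET_ZONE = 3  # ZoneId 3 = Internet, 4 = Restricted sites


def zone_id(stream_text):
    """Parse a Zone.Identifier stream; return ZoneId as int, or None if absent."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(interpolation=None)
    try:
        parser.read_string(stream_text)
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def in_trusted_dir(path):
    """Case-insensitive test: is the file inside (or below) a trusted folder?"""
    norm = str(PureWindowsPath(path)).lower()  # also turns '/' into '\'
    return any(fnmatchcase(norm, d.lower() + "\\*") for d in TRUSTED_DIRS)


def find_suspicious(records):
    """Return paths of macro-capable files in trusted folders that keep a MotW."""
    hits = []
    for path, stream in records:
        zone = zone_id(stream)
        if (PureWindowsPath(path).suffix.lower() in MACRO_CAPABLE
                and in_trusted_dir(path)
                and zone is not None and zone >= INTERNET_ZONE):
            hits.append(path)
    return hits


# Constructed sample records: (file path, Zone.Identifier text or None)
RECORDS = [
    (r"C:\Program Files\Microsoft Office\root\Templates\INV-2022.xls", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    (r"C:\Users\alice\Downloads\scan.xls", "[ZoneTransfer]\r\nZoneId=3\r\n"),
    (r"C:\Users\bob\AppData\Roaming\Microsoft\Templates\Normal.dotm", None),
    ("c:/users/bob/appdata/roaming/microsoft/templates/form.XLSM", "[ZoneTransfer]\nZoneId=4\n"),
]
```

A file that arrived from the internet has no legitimate reason to sit in a trusted Office folder, so any hit warrants review of how it got there.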
Who are we?
Knowledge is certainly power, and it can help you overcome any fear of the unexpected. This is also true in the world of cybersecurity, where the ability to know and understand more about the activities of threat actors strengthens organizations to do more about the dangers and risks they and their personnel face.
At RSM Defense, we leverage the power of our vast RSM network of clients to enhance visibility into your organization's threat landscape and provide tactical context around threats to your organization regardless of industry or location. This makes RSM Defense's array of threat intelligence services uniquely intelligent and enables our clients to be proactive rather than reactive. RSM Defense has decades of experience in global cyber defense operations, specializing in cyber threat intelligence collections and reporting.
Unmatched in dark web intelligence, our RSM Defense team continuously aggregates sophisticated techniques, tactics and procedures of known threat actors. RSM Defense utilizes technology that continuously monitors the dark web landscape of victim notifications posted on threat actor sites for clients and their third-party affiliates. RSM Defense delivers comprehensive and holistic threat management services that include, but are not limited to, credential exposure monitoring to help prevent digital extortion attacks, dynamic malware analysis services, and a continuous stream of customized threat intelligence reporting and mitigation recommendations that will help reduce your organization's overall attack surface. These services range from vulnerability intelligence to executive personnel monitoring to third-party risk and supply chain intelligence services. We strive to assist clients in avoiding costly insurance liability payments and digital extortion attacks, as well as in protecting their brand, assets, and networks against security breaches.
If you or your client wishes to receive additional information pertaining to RSM Defense’s wide array of threat intelligence services and technologies to protect you or your clients’ assets, brand reputation, and financial interests, please reach out to your RSM representative for more information.