The pernicious malware, which is spread via email, has been infecting organizations all over the world since 2014. By shining a spotlight on Emotet’s recent activities, researchers at Cisco Talos discovered that the US government is among the latest victims to be compromised.
Researchers made the discovery by closely examining the patterns of outbound email associated with the malware.
A Talos spokesperson said: “If a person has substantial email ties to a particular organization when they become infected with Emotet the effects would manifest in the form of increased outbound Emotet email directed at that organization.
“One of the most vivid illustrations of this effect can be seen in Emotet’s relationship to the .mil (U.S. military) and .gov (U.S./state government) top-level domains (TLDs).
“When Emotet emerged from its summer vacation back in mid-September 2019, relatively few outbound emails were seen directed at the .mil and .gov TLDs. But sometime in the past few months, Emotet was able to successfully compromise one or more persons working for or with the U.S. government.”
The malware’s successful compromise of at least one US government employee led to what researchers described as a “rapid increase” in the number of infectious Emotet messages directed at the .mil and .gov TLDs in December 2019.
Following a brief spot of respite over the winter holidays, Emotet is once again causing trouble. Cisco Talos said that the upward trend in the number of messages directed at .mil and .gov had “continued into January 2020.”
Emotet works by stealing someone’s email, then impersonating the victims and sending copies of itself in reply. The malicious emails are delivered through a network of stolen SMTP accounts.
Recipients, conned into thinking that they are receiving a message from a friend or professional colleague, open the email and are then infected.
The simplicity of Emotet’s attack strategy belies its effectiveness. “This relatively simple email-man-in-the-middle social engineering approach has made Emotet one of the most prolific vehicles for delivering malware that we have seen in modern times,” said researchers.