The malware double extortion website is again up, with new victims and a message: “Despite your hopes, we are with you again”.
CISA-MS-ISAC cyber security experts: Emotet has become one of the most prevalent ongoing cyber threats. EINSTEIN Intrusion Detection System detected roughly 16,000 alerts, possibly linked to targeted campaigns
Emotet has become one of the most prevalent ongoing cyber threats. It has been denounced by the US Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC). The banking trojan, commonly functioning as a downloader or dropper of other malware, resurged in July 2020 after a dormant period that began in February. Since August, CISA and MS-ISAC have seen a significant increase in malicious cyber actors targeting state and local governments with Emotet phishing emails. In fact, since July 2020, there has been increased activity involving the malware-associated indicators. During that time, CISA’s EINSTEIN Intrusion Detection System, which protects federal civilian executive branch networks, detected roughly 16,000 alerts, possibly linked to targeted campaigns. Traffic to known trojan-related domains or IPs occurred most commonly over ports 80, 8080, and 443. In one instance, the traffic attempted to connect to a suspected compromised site over port 445.