Proofpoint: TA542 is using new versions of Emotet to launch email campaigns on an international scale that affect North America, Central America, South America, Europe, Asia, and Australia. The malware exploits third-party payloads such as Qbot, The Trick, IcedID, and Gootkit
Cybercrime group TA542 is using its latest versions of the Emotet malware to launch widespread email campaigns on an international scale that affect North America, Central America, South America, Europe, Asia, and Australia. This was discovered by Proofpoint cyber security experts, who have tracked the threat actor since 2014. The variants exploit third-party payloads such as Qbot, The Trick, IcedID, and Gootkit. Additionally, Emotet loads its own modules for spamming, credential stealing, email harvesting, and spreading on local networks. Early versions of the malicious code, by contrast, had a module used to commit banking fraud, specifically targeting German, Austrian, and Swiss banks for years. TA542 typically distributes high-volume email campaigns consisting of hundreds of thousands or even millions of messages targeting all industries, leveraging social engineering techniques to increase infection rates. Furthermore, the language of the emails is tailored to the targeted country.
The cyber security experts: We can expect Emotet use to grow in the upcoming quarters
According to the cyber security experts, the cybercrime gang has in the last two years become one of the most prolific threat actors in the overall threat landscape. Leveraging the robust Emotet botnet, TA542 orchestrates high-volume, international email campaigns that distribute hundreds of thousands or even millions of messages per day. The group uses the malware to download third-party banking malicious code and to facilitate the continued spread of its botnet via a number of modules. As the group continues to operate at near-global scale, Proofpoint expects Emotet use to grow in the upcoming quarters.