The gz attachment of the “Payment Advice - Ref: [HSBC1057029141] /RFQ Priority Payment / Customer Ref: [PI10771QT90]” email contains an exe file: the malware.
Cybercrime, why Emotet stopped and resumed its operations
Why Emotet stopped and resumed its operations. Cybersecurity experts: The malware core infrastructure was originally located in Ukraine. After the Russian invasion, it has moved “at home” or in Belarus
Emotet is back in worldwide campaigns after a long period calm. This, as cybersecurity researchers report, because the malware core infrastructure once was located in Ukraine. The Russian invasion has forced cybercrime actors to temporarily stop operations and to look for new, less risky, places to move the entire infrastructure. Probably, according to Intelligence operators, the new location is in Russia or Belarus. Here the threat actors have little or no problems by law enforcements, perhaps also thanks to collaborations or advice on cyber warfare against the West provided as an exchange. That’s why Emotet has risen and is increasing its activities, especially against all the countries that condemned the Russian aggression to Ukraine and helped Kyiv.