Why Emotet stopped and resumed its operations. Cybersecurity experts: The malware core infrastructure was originally located in Ukraine. After the Russian invasion, it has moved “at home” or in Belarus

Emotet is back in worldwide campaigns after a long period calm. This, as cybersecurity researchers report, because the malware core infrastructure once was located in Ukraine. The Russian invasion has forced cybercrime actors to temporarily stop operations and to look for new, less risky, places to move the entire infrastructure. Probably, according to Intelligence operators, the new location is in Russia or Belarus. Here the threat actors have little or no problems by law enforcements, perhaps also thanks to collaborations or advice on cyber warfare against the West provided as an exchange. That’s why Emotet has risen and is increasing its activities, especially against all the countries that condemned the Russian aggression to Ukraine and helped Kyiv.