
Threat actors associated with the notorious Emotet malware are continually shifting their tactics and command-and-control (C2) infrastructure to escape detection, according to new research from VMware.

Emotet is the work of a threat actor tracked as Mummy Spider (aka TA542). It emerged in June 2014 as a banking trojan before morphing in 2016 into an all-purpose loader that’s capable of delivering second-stage payloads such as ransomware.

While the botnet’s infrastructure was taken down as part of a coordinated law enforcement operation in January 2021, Emotet bounced back in November 2021 through another malware known as TrickBot.

Emotet’s resurrection, orchestrated by the now-defunct Conti team, has since paved the way for Cobalt Strike infections and, more recently, ransomware attacks involving Quantum and BlackCat.

“The ongoing adaptation of Emotet’s execution chain is one reason the malware has been successful for so long,” researchers from VMware’s Threat Analysis Unit (TAU) said in a report shared with The Hacker News.
