Government

Hackers Spread Emotet to Drop Ransomware

22 - 29 October 2019

An ongoing Emotet campaign is targeting Australian entities, including government agencies and critical infrastructure providers. The malware is distributed via phishing emails containing Microsoft Office attachments, usually macro-enabled Word documents. When activated, the Emotet payload secures a foothold on the target host and attempts to spread within the network by brute-forcing user credentials. Emotet then downloads the Trickbot malware, which harvests emails and credentials and moves laterally within the network using the EternalBlue exploit. Once enough systems within the network are compromised, the threat actors deploy the Ryuk ransomware.
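For the delivery stage described above, a mail-gateway style check can hold Word attachments that carry a VBA project, judging by content instead of file extension. This is an added example, not code from the advisory or this page's author; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy binary .doc/.xls

def classify(data: bytes) -> str:
    """Classify attachment bytes by content, ignoring the file name."""
    if data.startswith(OLE_MAGIC):
        return "ole-legacy"      # may hold VBA; needs an OLE parser to confirm
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return "other"           # not a zip container at all
    if "[content_types].xml" not in names:
        return "other"           # a zip archive, but not an Office package
    # A VBA project is stored as a vbaProject.bin part inside the package.
    if any(n.endswith("vbaproject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"

def triage(msg: EmailMessage) -> list:
    """Return (filename, verdict) for every attachment that should be held."""
    held = []
    for part in msg.iter_attachments():
        verdict = classify(part.get_payload(decode=True) or b"")
        if verdict in ("ooxml-macro", "ole-legacy"):
            held.append((part.get_filename(), verdict))
    return held

def build_sample_message() -> EmailMessage:
    """Constructed sample: one macro-bearing and one plain Word package."""
    def package(with_macro: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("word/document.xml", "<document/>")
            if with_macro:
                zf.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
        return buf.getvalue()
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("See attached.")
    for name, macro in (("invoice.doc", True), ("notes.docx", False)):
        msg.add_attachment(package(macro), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg
```

Calling `triage(build_sample_message())` holds only `invoice.doc`, even though its extension does not advertise macros.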

References:

Advisory 2019-131a: Emotet Malware Campaign
