The joint actions of law enforcement agencies and judicial entities around the world have brought the infamous EMOTET botnet down.
EMOTET was one of the longest-running professional cybercrime services on the web. For years the malware was a go-to tool for criminals of every kind. Security researchers first identified the threat as a banking Trojan in 2014.
Over the years, different criminal actors were able to rent the EMOTET botnet and use it to install other forms of malware on victims' devices, such as banking Trojans and ransomware.
What made the malware so dangerous was its polymorphic nature: each time a new copy was generated and delivered, its code changed. This made it very hard for signature-based antivirus programs to detect.
In essence, the EMOTET network served as a backdoor into computer systems around the globe. The malware established unauthorized access, which was then sold to highly active criminal groups that exploited it for further illegal actions such as data theft and extortion through ransomware infections.
EMOTET spread mainly through malicious e-mail attachments. Various lures were used to trick unwitting users into opening these deceptive attachments. In the past, EMOTET's e-mail campaigns distributed malicious documents disguised as invoices, shipping notices, alerts, and even COVID-19 information.
Once a user opened one of these documents, it prompted them to "enable macros" so that the malicious code hidden in the Word file could execute and install EMOTET on the victim's machine. Without that click the macro would not run, which is why the lure text was written to make enabling macros look like a necessary step for viewing the document.
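Because the infection chain above depends on a macro-bearing Office document reaching the user, a cheap first line of defence is to triage attachments statically for the presence of a VBA project before they ever reach a mailbox. The following is an added example written for this page, not code from the original article or from any of the investigating agencies; it uses only the Python standard library. It treats the attachment as an Office Open XML package (a zip) and looks for two independent indicators of a VBA project: the `vbaProject.bin` part itself and its content-type declaration in `[Content_Types].xml`. The sample documents it builds are constructed in memory for demonstration and are not real Word files; the classification labels are this example's own assumptions.

```python
import io
import zipfile

# Magic bytes of the legacy OLE2 compound file format (.doc/.xls).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Content type that OOXML uses to declare an embedded VBA project.
VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_attachment(data: bytes) -> str:
    """Static triage of one e-mail attachment given its raw bytes.

    Returns one of these labels (names chosen for this example):
      "ooxml-macro"  - Office Open XML (docm/xlsm/docx...) carrying a VBA project
      "ooxml-clean"  - Office Open XML with no VBA project declared or present
      "ole2-legacy"  - legacy binary Office format; macros may be present but
                       parsing OLE streams is outside this example's scope
      "not-office"   - neither format (PDF, plain text, corrupt zip, ...)
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-legacy"
    if not data.startswith(b"PK"):
        return "not-office"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if "[Content_Types].xml" not in names:
                return "not-office"
            # Indicator 1: the binary VBA part exists anywhere in the package.
            has_vba_part = any(n.lower().endswith("vbaproject.bin") for n in names)
            # Indicator 2: the package declares the VBA content type.
            has_vba_ctype = VBA_CONTENT_TYPE in zf.read("[Content_Types].xml")
            return "ooxml-macro" if (has_vba_part or has_vba_ctype) else "ooxml-clean"
    except zipfile.BadZipFile:
        return "not-office"


def build_sample_ooxml(with_macro: bool) -> bytes:
    """Construct a minimal OOXML-shaped package for the demo (not a real document)."""
    ctypes = [
        '<?xml version="1.0" encoding="UTF-8"?>',
        '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">',
        '<Default Extension="xml" ContentType="application/xml"/>',
    ]
    if with_macro:
        ctypes.append(
            '<Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/>'
        )
    ctypes.append("</Types>")

    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "\n".join(ctypes))
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            # Placeholder bytes standing in for a compiled VBA project.
            zf.writestr("word/vbaProject.bin", b"\x00" * 64)
    return buf.getvalue()


# Constructed sample attachments, keyed by a made-up filename.
SAMPLE_ATTACHMENTS = {
    "invoice_0421.docm": build_sample_ooxml(with_macro=True),
    "shipping_notice.docx": build_sample_ooxml(with_macro=False),
    "old_report.doc": OLE2_MAGIC + b"\x00" * 24,
    "covid_update.pdf": b"%PDF-1.4\n%constructed sample\n",
}


def triage_all(attachments: dict) -> dict:
    """Classify every attachment; a gateway would quarantine the 'ooxml-macro' hits."""
    return {name: classify_attachment(data) for name, data in attachments.items()}


if __name__ == "__main__":
    for name, verdict in triage_all(SAMPLE_ATTACHMENTS).items():
        print(f"{name:24s} {verdict}")
```

The check is deliberately conservative: a file can carry the VBA part under an unusual path or declare the content type without the part, so either indicator is enough to quarantine. It says nothing about what the macro does, and it does not inspect legacy OLE2 documents at all; those need an OLE parser such as the oletools suite, which is not used here.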
Investigators have now taken EMOTET’s network under their control.
The infrastructure behind EMOTET comprised hundreds of servers worldwide, each with its own role: controlling infected machines, distributing the malware to new computers, providing services to other criminal organizations, and maintaining resilience measures against takedown attempts.
Law enforcement authorities across the globe developed a coordinated plan to disrupt the EMOTET infrastructure. That plan was carried out this week and resulted in the network being taken down from the inside. Infected computers are now being redirected to infrastructure under law enforcement control.
This operation is the result of an international effort coordinated by EUROPOL and EUROJUST between authorities in the Netherlands, Germany, the United States, France, Lithuania, Canada, and Ukraine. Security professionals regard it as an innovative approach to undermining advanced cybercrime operations.