A coordinated global law enforcement operation has disrupted the infrastructure of Emotet, one of the world's most dangerous botnets and a vector for malware and ransomware attacks.
Participating authorities include Europol, the FBI, and the UK's National Crime Agency, along with agencies from Canada, France, Germany, Lithuania, the Netherlands, and Ukraine, Europol reports. The collaborative effort led investigators to take control over Emotet's infrastructure.
It was a massive feat: The botnet involved several hundred servers located around the world, all of which had different functionalities in order to manage the computers of infected victims, spread to new targets, serve other criminal groups, and strengthen its global network.
As part of their operation, law enforcement and judicial authorities "gained control of the infrastructure and took it down from the inside," Europol officials write in a statement. "The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure," they say.
Emotet was discovered as a banking Trojan in 2014 but evolved over the years as its operators learned how they could sell to other criminals. It became distributed through an attacker-controlled botnet, which provided more leeway and agency for malware campaigns. These attacks were typically distributed in high volume via malicious emails, says Proofpoint threat intelligence lead Chris Dawson, who notes some campaigns sent millions of messages per day.
"What makes Emotet particularly dangerous for organizations is that it has been the primary base for the future deployment of other banking Trojans and tools used to deploy targeted ransomware attacks," Dawson says.
< ..
Support the originator by clicking the read the rest link below.
