United Nations Targeted With Emotet Malware Phishing Attack


Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations.


Yesterday, the Emotet trojan roared back to life after a 3-week vacation with strong spam campaigns that targeted countries throughout the world.


While Emotet's normal spam campaigns posed as accounting reports, delivery notices, and invoices, the malware operators had something special in mind for the United Nations.


Impersonating the "Permanent Mission of Norway"


In a sample of a phishing email shared with BleepingComputer by email security firm Cofense, the Emotet operators pretend to be representatives of Norway at the United Nations in New York, who state that there is a problem with an attached signed agreement.


According to Cofense, this phishing campaign had "highly specific targeting" and was seen being sent to 600 unique email addresses at the United Nations.


The email states that the representatives of Norway found a problem with a signed agreement and that the recipient should review it to learn what the issue is.



Emotet spam targeting the United Nations

The full text of this targeted phishing email can be read below:


Hi,
Please be advised that the new problem has been appeared today.
See below our info for this question.
Please let me know if you need anything else.
Regards
Permanent Mission of Norway to the United Nations in New York

Attached to these emails is a Microsoft Word document with a name that starts with "Doc_01_13" and that pretends to be the signed agreement being sent by the Permanent Mission of Norway.


While ..
