The Emotet botnet has suddenly resurfaced after a short hiatus, according to researchers at multiple companies. The first alert came in a tweet from Cofense Labs warning that the botnet’s command-and-control (C2) servers had started responding to POST requests. According to Cofense Labs, the C2 servers began processing these POST requests around 3 p.m. EDT on Aug 21. According to an extensive GitHub list, the C2 servers are located in numerous regions around the world, including North America, Europe, and Asia.
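The observation above (C2 servers accepting POST requests, with their addresses collected in a public list) is what a defender would turn into an egress check. The following is an added example, not code from the article or from Cofense Labs: it parses constructed proxy log lines, matches each destination against a placeholder C2 indicator set (the real list is the GitHub list the article refers to), and flags any contact, noting POSTs specifically. The log format, the indicator values and the log lines are all assumptions constructed for the example.

```python
"""Egress-log check for outbound requests to listed C2 hosts.

Added example (not from the article): match proxy log lines against a
set of C2 indicators and flag matches, calling out POST requests, since
the report concerns C2 servers that have begun accepting POSTs.
All indicators and log lines below are constructed placeholders.
"""
import ipaddress
import re
from dataclasses import dataclass

# Placeholder indicator set; in practice load the published C2 list here.
# IPs are from RFC 5737 documentation ranges and are not real C2 servers.
C2_INDICATORS = {
    "ip": {"203.0.113.10", "198.51.100.7"},
    "host": {"c2-placeholder.example"},
}

# Assumed (constructed) proxy log format: "<timestamp> <client> <method> <url> <status>"
LOG_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    method: str
    destination: str
    reason: str


def destination_of(url):
    """Return the host or IP part of a URL (port stripped), or None."""
    m = re.match(r"^[a-z]+://([^/:]+)(?::\d+)?", url, re.IGNORECASE)
    return m.group(1).lower() if m else None


def classify(dest):
    """Return 'ip' or 'host' if dest is a listed indicator, else None."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return "host" if dest in C2_INDICATORS["host"] else None
    return "ip" if str(ip) in C2_INDICATORS["ip"] else None


def scan_log(lines):
    """Return a Hit for every parsable log line whose destination is listed."""
    hits = []
    for line in lines:
        m = LOG_LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than failing the whole scan
        dest = destination_of(m["url"])
        if dest is None:
            continue
        kind = classify(dest)
        if kind is None:
            continue
        reason = f"{m['method']} to listed C2 {kind}"
        if m["method"] == "POST":
            reason += " (matches reported C2 POST activity)"
        hits.append(Hit(m["ts"], m["client"], m["method"], dest, reason))
    return hits


# Constructed sample log: two POSTs to listed C2s, one GET to a listed IP,
# one benign GET and one malformed line.
SAMPLE_LOG = [
    "2019-08-21T15:02:11Z 10.0.0.5 POST http://203.0.113.10:8080/ 200",
    "2019-08-21T15:03:40Z 10.0.0.8 GET http://www.example.com/index.html 200",
    "2019-08-21T15:05:02Z 10.0.0.5 POST http://c2-placeholder.example/gate 200",
    "2019-08-21T15:06:13Z 10.0.0.9 GET https://198.51.100.7/ 404",
    "not a log line",
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} -> {hit.destination}: {hit.reason}")
```

The scan flags every contact with a listed address, not only POSTs, because a GET to a known C2 is still worth a ticket; the POST annotation just ties the hit back to the behaviour the researchers reported. Swap the placeholder set for the published indicator list and point the parser at your real proxy or firewall log format.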
Researchers are concerned because of Emotet’s powerful capabilities and effective attack strategies, all aimed at stealing information via various payloads. Originally appearing in 2014 as banking malware, Emotet eventually morphed into the powerful botnet it is today. Its resurgence has prompted nearly every major cybersecurity firm to warn its users and publish all current data on the botnet.
It appears, according to numerous reports, that the botnet has branched out from targeting banking entities. Though this is still an early working theory, Trend Micro in particular made a strong case for this belief, which many researchers share. Trend Micro had the following to say in a blog post about Emotet’s resurfacing and its authors’ motives:
While the earlier variants of EMOTET primarily targeted the banking sector, our Smart Protection Network (SPN) data reveals that this time, the malware isn’t being picky about the industries it chooses to attack. The affected companies come from different industries, including manufacturing, food and beverage, and healthcare. Again, it is possible that due to the nature of its distribution, EMOTET now has a wider scope.
There is also the possibility that these attacks are a misdirection to keep researchers in the dark about Emotet’s true target. In any case, the cybersecurity community is on full alert now that the C2 servers are active. Any developments in this botnet’s actions will be reported as the data surfaces.
Featured image: Flickr/ Christiaan Colen