According to security researchers from AdvIntel, ransomware gangs such as Quantum and BlackCat are now using the Emotet malware in attacks.
Emotet started as a banking Trojan in 2014 and although it has developed over the years into a sophisticated botnet, it has been closely associated with the Conti ransomware gang. It has however been relegated to the background after the gang shutdown operation.
“From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is now attributed to Quantum and BlackCat,” AdvIntel said in an advisory.
It is believed that the members of the now disbanded Conti ransomware gang are either part of other ransomware gangs such as BlackCat and Hive or as independent groups that focus on data extortion and other criminal endeavors.
According to AdvIntel, more than 1,267,000 Emotet infections have been observed worldwide since the beginning of the year, with activity peaks recorded in February and March. Typical attack sequences include the use of Emotet (aka SpmTools) as an initial access vector to drop Cobalt Strike, which is then used as a post-exploitation tool for ransomware operations.
A second surge attributed to Quantum and BlackCat, occurred between June and July. Data show that the US, Finland, Brazil, the Netherlands and France are among the countries most targeted by Emotet.
The sources for this piece include an article in TheHackerNews.