Quantum and BlackCat ransomware gangs deploys Emotet Botnet

Share post:

According to security researchers from AdvIntel, ransomware gangs such as Quantum and BlackCat are now using the Emotet malware in attacks.

Emotet started as a banking Trojan in 2014 and although it has developed over the years into a sophisticated botnet, it has been closely associated with the Conti ransomware gang. It has however been relegated to the background after the gang shutdown operation.

“From November 2021 to Conti’s dissolution in June 2022, Emotet was an exclusive Conti ransomware tool, however, the Emotet infection chain is now attributed to Quantum and BlackCat,” AdvIntel said in an advisory.

It is believed that the members of the now disbanded Conti ransomware gang are either part of other ransomware gangs such as BlackCat and Hive or as independent groups that focus on data extortion and other criminal endeavors.

According to AdvIntel, more than 1,267,000 Emotet infections have been observed worldwide since the beginning of the year, with activity peaks recorded in February and March. Typical attack sequences include the use of Emotet (aka SpmTools) as an initial access vector to drop Cobalt Strike, which is then used as a post-exploitation tool for ransomware operations.

A second surge attributed to Quantum and BlackCat, occurred between June and July. Data show that the US, Finland, Brazil, the Netherlands and France are among the countries most targeted by Emotet.

The sources for this piece include an article in TheHackerNews.


Related articles

Cyber Security Today, Week in Review for week ending Friday, June 21, 2024

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday June...

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways