BleepingComputer reports that threat actors have been delivering an Emotet loader through the TrickBot malware as part of "Operation Reacharound," following the disruption of Emotet by law enforcement authorities earlier this year, according to researchers from Cryptolaemus, GData and Advanced Intel.
Emotet has not been observed conducting spamming activity, likely because the botnet's infrastructure is being rebuilt from scratch, said Cryptolaemus researcher Joseph Roosen.
Cryptolaemus also identified changes in the new Emotet loader compared with older variants. "So far we can definitely confirm that the command buffer has changed. There's now 7 commands instead of 3-4. Seems to be various execution options for downloaded binaries (since it's not just DLLs)," the researchers said.
Meanwhile, the reemergence of Emotet may prompt increased ransomware infections, warned Advanced Intel's Vitali Kremez.
"It is an early sign of the possible impending Emotet malware activity fueling major ransomware operations globally given the shortage of the commodity loader ecosystem. It also tells us that the Emotet takedown did not prevent the adversaries from obtaining the malware builder and setting up the backend system bringing it back to life," Kremez said.
U.S. critical infrastructure organizations have been noted by the Department of Homeland Security to be at risk of cyberattacks leveraging artificial intelligence, with China and other nation-states exploiting the technology to deploy more advanced malware attacks and influence operations, CyberScoop reports.
Bermuda Premier David Burt has blamed Russia-based threat actors for significant internet outages across the British overseas territory and another government in the Caribbean, reports The Record, a news site run by cybersecurity firm Recorded Future.