BleepingComputer reports that threat actors have been delivering an Emotet loader through the TrickBot malware as part of "Operation Reacharound," following the disruption of Emotet by law enforcement authorities earlier this year, according to researchers from Cryptolaemus, GData and Advanced Intel.
Emotet has not been observed to conduct spamming activity, likely because the botnet's infrastructure is being reconstructed from scratch, said Cryptolaemus researcher Joseph Roosen.
Cryptolaemus also discovered changes in the new Emotet loader compared with older variants. "So far we can definitely confirm that the command buffer has changed. There's now 7 commands instead of 3-4. Seems to be various execution options for downloaded binaries (since it's not just DLLs)," the researchers said.
Meanwhile, the reemergence of Emotet may prompt increased ransomware infections, warned Advanced Intel's Vitali Kremez.
"It is an early sign of the possible impending Emotet malware activity fueling major ransomware operations globally given the shortage of the commodity loader ecosystem. It also tells us that the Emotet takedown did not prevent the adversaries from obtaining the malware builder and setting up the backend system bringing it back to life," Kremez said.
Ukrainian hacktivist operation IT Army has taken responsibility for a significant distributed denial-of-service attack against Russian local airline booking system Leonardo, which is used by over 50 Russian carriers, according to The Record, a news site by cybersecurity firm Recorded Future.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.