Written by AJ Vicens
Apr 26, 2022 | CYBERSCOOP
The hackers behind Emotet — one of the longest-tenured and most prolific malware variants dating back to 2014 — have been tinkering with their well-established behaviors and testing new methods on a very small and limited scale, research out Tuesday suggests.
Cybersecurity firm Proofpoint noted that the testing could be related to steps taken in February by Microsoft to block automation services, known as macros, which allowed cybercrime operators to seed documents with automations that enabled malware execution.
The observed activity marks a departure from the typical Emotet approach, which usually involves high-volume email campaigns targeting victims around the world, according to Proofpoint researchers. Recent campaigns using Emotet included as many as one million messages in total, the researchers said, while this latest approach represented a small fraction of that.
Proofpoint researchers attributed the testing and tweaking to a cybercrime group behind the core development of Emotet it calls TA542, also known as “Mummy Spider.” It’s unclear where Mummy Spider is based, but an April 20 joint cybersecurity advisory from the major cybersecurity agencies in the U.S., Australia, Canada, New Zealand and the U.K. included the group