By Jon Munshaw.
Welcome to this week’s edition of the Threat Source newsletter.
Emotet made headlines last week for being “back” after a major international law enforcement takedown last year. But I’m here to argue that Emotet never left, and honestly, I’m not sure it ever will.
As Nick Biasini and I covered in a December episode of Talos Takes, these takedowns are always incredibly helpful and a show of strength among the international community. But that doesn’t mean they’re the final nail in the coffin.
Nick pointed out to me in that Talos Takes episode that there weren’t any arrests associated with the takedown, so the operators were still out there, ready to come back. And we started seeing Emotet send spam again as soon as nine-ish months after the takedown announcement.
“In this particular case, we saw a botnet disruption, more than anything else,” Nick said.
So it really shouldn’t be a surprise to anyone that Emotet is reloading again. It’s known to go on months-long breaks, usually picking up around major holidays or international events like Black Friday and Cyber Monday.
I admittedly don’t know enough about the ins and outs of taking down a botnet to