perm_phone_msgUNDER ATTACK? Chat With US

United Nations was hit by a targeted cyberattack that used notorious malware strains

Cyber security BCyber todayJanuary 18, 2020 8

Background
share close
(Last Updated On: January 16, 2020)

The United Nations was hit by a targeted cyberattack that had used one of the most notorious malware strains in the world.

Emotet malware was used by criminals to launch phishing campaign which had the aim of taking over the login details of both UN staff and officials.

In the attack, hundreds of workers were aimed at, and it was targeted on the United Nations headquarters in New York, and the cybercriminals had planned on tricking their victims. 

Researchers at the Cofense security firm had found out about the campaign, and what they uncovered was that the hackers had acted as if they were from the Permanent Mission of Norway.

The way this came about was that the email had said that Norwegian representatives had seen an issue and it came with an attached signed agreement, and a recipient was required to look into the document to understand what it was.

A fake document would pop up when the email’s Microsoft Word attachment was opened, which was a template with a warning that said, “document only available for desktop or laptop versions of Microsoft Office Word.” 

The victims were then given the choice to either click on ‘Enable editing’ or ‘Enable Content’ in order to be able to view the document. Once the document had opened, it would carry out malicious Word macros on the victims’ device by downloading and installing Emotet. 

While Emotet ran is the background, it would also send out spam emails to other possible victims and download other malicious payloads, especially the threatening TrickBot trojan, which is often linked up with Ryuk ransomware.

 

The United Nations was hit by a targeted cyberattack that had used one of the most notorious malware strains in the world.

Emotet malware was used by criminals to launch phishing campaign which had the aim of taking over the login details of both UN staff and officials.

In the attack, hundreds of workers were aimed at, and it was targeted on the United Nations headquarters in New York, and the cybercriminals had planned on tricking their victims. 

Researchers at the Cofense security firm had found out about the campaign, and what they uncovered was that the hackers had acted as if they were from the Permanent Mission of Norway.

The way this came about was that the email had said that Norwegian representatives had seen an issue and it came with an attached signed agreement, and a recipient was required to look into the document to understand what it was.

A fake document would pop up when the email’s Microsoft Word attachment was opened, which was a template with a warning that said, “document only available for desktop or laptop versions of Microsoft Office Word.” 

The victims were then given the choice to either click on ‘Enable editing’ or ‘Enable Content’ in order to be able to view the document. Once the document had opened, it would carry out malicious Word macros on the victims’ device by downloading and installing Emotet. 

While Emotet ran is the background, it would also send out spam emails to other possible victims and download other malicious payloads, especially the threatening TrickBot trojan, which is often linked up with Ryuk ransomware.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

This content was originally published here.

Written by: BCyber

Rate it
Previous post

Similar posts

Cyber security BCyber / March 14, 2020

Ransomware victims thought their backups were safe. They were wrong | ZDNet

Ransomware: Industrial control systems are under attack Ekans ransomware is designed to target industrial systems in what researchers describe as a “deeply concerning evolution” in malware. The UK’s cybersecurity agency has updated its guidance on what to do after a ransomware attack, following a series of incidents where organisations were hit with ransomware, but also ...

Read more trending_flat