The USA's Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) are reporting the large-scale re-emergence of the Emotet trojan. Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISAs EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity. CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors. It spreads via links in e-mails and as macros in .doc files attached to e-mails.
