United Nations hit by major phishing attack

Emotet malware imitates Norwegian officials to target UN users

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The United Nations has been hit by a targeted cyberattack that uses one of the world’s most notorious malware strains.

Criminals used theEmotetmalware in order to launch a phishing campaign aimed at stealing login details for UN staff and officials alike.

Hundreds of workers were tagered in the attack, which focused on the UN headquarters in New York, with the hackers devising an ingenious strategy to try and trick their victims.

Problem

Problem

The campaign was uncovered by researchers from security firm Cofense, who found that the hackers pretended to be from the Permanent Mission of Norway.

The email said that the Norwegian representatives had found a “problem” with an attached signed agreement, and that the recipient needed to review the document to learn exactly what it was.

Opening the email’sMicrosoftWord attachment launches a spoof document template with a pop-up warning saying the “document only available for desktop or laptop versions of Microsoft Office Word.”

The victim is then prompted to click on ‘Enable editing’ or ‘Enable Content’ to view the document, which when activated, executes malicious Word macros that downloads and installs Emotet on the victim’s device.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Emotet would then run in the background while sending out spam emails to other victims, as well as downloading other malicious payloads, most notably the dangerous TrickBot trojan, which has in turn been linked to the notorious Ryuk ransomware.

ViaBleeping Computer

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK’s leading national newspapers and fellow Future title ITProPortal, and when he’s not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This new malware utilizes a rare programming language to evade traditional detection methods