Displaying items by tag: ta542

Yesterday we told you that the gang behind Emotet was looking to used Excel add-ins as a possible new technique to compromise systems as part of their spamming campaigns. The detected techniques were labeled as potentially being part of research and development efforts on the part of the group TA542 due to changes Microsoft is making in Office (and ones many admins already push). The R&D efforts do not stop there though as multiple security research teams are now saying they have identified another new technique associated with Emotet.

TA542 the wonderful people that brought you Emotet appears to be in the middle of a development and testing cycle on new delivery methods. According to researchers at ProofPoint the creators or the Emotet Botnet are potentially looking to find a new delivery method in response to the, long overdue, default disabling of VBA based Macros by Microsoft in their office products. Although ProofPoint seems to think this is development testing, the activity could also be part of a more targeted campaign.