After finishing a heavy week of spamming, the threat actors behind the Emotet botnet have apparently taken a break. This conclusion is based on researcher observations of spambots ceasing to send out email and command and control servers responding to infected computers with HTTP error codes instead of distributing additional malware payloads. Emotet, which is thought to operate out of Russia, goes on break around this time each year, as Russians begin celebrating the holiday season. The group typically stays on break through Jan 7th at least, which is when Christmas is celebrated in Russia. Although spam production and malware distribution have temporarily ceased, infected computers, or “bots” are still “live” and will continue trying to connect to their command and control servers to request further instructions, ready to come back into full operation when the break is over.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.