Skip to main content

United Nations hit by major phishing attack

(Image credit: Shutterstock.com / Alexandros Michailidis)

The United Nations has been hit by a targeted cyberattack that uses one of the world's most notorious malware strains.

Criminals used the Emotet malware in order to launch a phishing campaign aimed at stealing login details for UN staff and officials alike.

Hundreds of workers were tagered in the attack, which focused on the UN headquarters in New York, with the hackers devising an ingenious strategy to try and trick their victims.

Problem

The campaign was uncovered by researchers from security firm Cofense, who found that the hackers pretended to be from the Permanent Mission of Norway. 

The email said that the Norwegian representatives had found a "problem" with an attached signed agreement, and that the recipient needed to review the document to learn exactly what it was.

Opening the email's Microsoft Word attachment launches a spoof document template with a pop-up warning saying the "document only available for desktop or laptop versions of Microsoft Office Word." 

The victim is then prompted to click on 'Enable editing' or 'Enable Content' to view the document, which when activated, executes malicious Word macros that downloads and installs Emotet on the victim's device.

Emotet would then run in the background while sending out spam emails to other victims, as well as downloading other malicious payloads, most notably the dangerous TrickBot trojan, which has in turn been linked to the notorious Ryuk ransomware.

Via Bleeping Computer