United Nations hit by major phishing attack

(Image credit: Shutterstock.com / Alexandros Michailidis)
Audio player loading…

The United Nations has been hit by a targeted cyberattack that uses one of the world's most notorious malware strains.

Criminals used the Emotet malware in order to launch a phishing campaign aimed at stealing login details for UN staff and officials alike.

Hundreds of workers were tagered in the attack, which focused on the UN headquarters in New York, with the hackers devising an ingenious strategy to try and trick their victims.

Problem

The campaign was uncovered by researchers from security firm Cofense, who found that the hackers pretended to be from the Permanent Mission of Norway. 

The email said that the Norwegian representatives had found a "problem" with an attached signed agreement, and that the recipient needed to review the document to learn exactly what it was.

Opening the email's Microsoft Word attachment launches a spoof document template with a pop-up warning saying the "document only available for desktop or laptop versions of Microsoft Office Word." 

The victim is then prompted to click on 'Enable editing' or 'Enable Content' to view the document, which when activated, executes malicious Word macros that downloads and installs Emotet on the victim's device.

Emotet would then run in the background while sending out spam emails to other victims, as well as downloading other malicious payloads, most notably the dangerous TrickBot trojan, which has in turn been linked to the notorious Ryuk ransomware.

Via Bleeping Computer (opens in new tab)

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.