The Emotet botnet malware is well known in the cybersecurity industry for its success in using spam emails to compromise machines and then selling access to these machines as part of its infamous malware-as-a-service (MaaS) scheme. Operators behind notorious threats such as the Trickbot trojan and the Ryuk or Conti ransomware are among the malicious actors who have used the botnet malware in their attacks.
But in January 2021 came news of Emotet’s dismantling, dubbed Operation Ladybird, during which law enforcement agencies from Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the UK, and the US worked in concert to seize control of Emotet’s infrastructure. In spite of this, the botnet malware proved quite resilient and it resurfaced in November 2021. According to researchers at AdvIntel, its return was greatly influenced by Conti’s operators, who sought to continue their partnership with the operators of Emotet, as the botnet malware had played an integral role in the ransomware’s initial access phase.
Source: Trend Micro