Emotet developers drop phishing emails to the United Nations

600 misleading messages delivered by Emotet to the United Nations users

Emotet developers drop phishing emails to the United Nations

The United Nations[1] became a target of an infamous Emotet malware.[2] The malicious actors impersonated the Permanent Mission of Norway to give the phishing message a legitimate look. By pretending to represent Norway in the United States of New York, they delivered the suspicious email to 600 users which included a questionable Word attachment clipped to the message. This is what the email’s content claimed:


Please be advised that the new problem has been appeared today.
See below our info for this question.

Please let me know if you need anything else.


Permanent Mission of Norway to the United Nations in New York

The malicious payload came in the form of a Word document

The misleading email message encourages users to open the attached file by claiming that something is wrong with a signed agreement. The crooks dropped the “Doc_01_13” Word document attachment that falsely holds the important information regarding the problematic agreement.

Even though the criminals could have succeeded in their attempt, they delivered the same form of Word document that was employed in other phishing attacks. The file claims that the “document is only available for desktop or laptop versions of Microsoft Office Word”. Afterward, the user is encouraged to click the “Enable Content” or “Enable editing” button in order to view the written content properly.

However, this is where the malicious process begins. If the victim decides to access the clipped Word document or enable its content, the installation of Emotet malware will begin and the computer will get infected with the parasite. Then, the parasite will start operating in the background of the machine and delivering misleading email messages to other victims found.

After being executed, Emotet malware could lead to the infiltration of TrickBot trojan

A lot of problems can occur on the infected computer system after the Emotet virus is installed. This malware can bring another Trojan virus known as TrickBot[3] that also can perform destructive actions on the targeted system.

This malicious infection has a goal to steal various information from the infected machine. The trojan can record data such as login credentials (name and password), files and folders that are saved on the computer and shared with other devices or networks, cookies saved, etc. Afterward, TrickBot is capable of opening backdoors to Ryuk ransomware[4] developers so that these people could have the network, earn administrative rights, and launch the malicious payload. 

When the ransomware is properly planted on the computer system, the malicious module will aim to encrypt all the information that is stored on the machine and demand big ransom payments in exchange for the decryption software. Nevertheless, the hackers might seek to steal personal information that is saved in the encrypted files and threaten the user that the data will be released out in the cybersphere if no payment is transferred.

Managing your emails seriously is a way to avoid phishing attacks

Gladly, there were no reports released about possibly infected victims in the United Nations. Even though this Emotet phishing campaign might not have gained benefits this time, there might be a big variety of users who have been tricked in similar attacks.

Regarding this fact, you should take your cybersecurity seriously. This includes installing proper antimalware software that will drop alerts if anything suspicious is trying to invade your computer system. Also, always be careful with email messages,[5] especially with those that you were not expecting to receive. If a reliable company is trying to contact you, it will likely also try to reach you via mobile phone, so you can delete the phishing message or at least scan its attachment with an AV tool.