{
	"id": "b46349f9-5270-4b24-b4a2-5af0905feb42",
	"created_at": "2026-04-06T00:06:26.262084Z",
	"updated_at": "2026-04-10T13:11:49.885966Z",
	"deleted_at": null,
	"sha1_hash": "cf956a72b582066222607c7b0466197baff89e39",
	"title": "France, Japan, New Zealand warn of sudden spike in Emotet attacks",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1903198,
	"plain_text": "France, Japan, New Zealand warn of sudden spike in Emotet\r\nattacks\r\nWritten by Catalin Cimpanu, Contributor, Sept. 7, 2020 at 7:48 p.m. PT\r\nArchived: 2026-04-05 18:31:35 UTC\r\nCyber-security agencies from France, Japan, and New Zealand have published security alerts over the past week\r\nwarning about a large uptick in Emotet malware attacks targeting their respective countries.\r\nEmotet activity described in the alerts refers to email spam campaigns that originated from Emotet infrastructure\r\nand targeted companies and government agencies in the three countries.\r\nVictim organizations that received the emails, then opened and ran the attached documents, were at risk of getting\r\ninfected with one of today's most dangerous malware strains.\r\nJoseph Roosen, a member of Cryptolaemus, a group of security researchers who track Emotet malware\r\ncampaigns, told ZDNet that the Emotet botnet has been particularly active in recent weeks, and especially active in\r\nthe three countries.\r\nFor example, Roosen said New Zealand had been heavily targeted by Emotet operators via emails originating\r\nfrom E3 (one of the three mini-botnets that make up the larger Emotet infrastructure).\r\nOn the other hand, while E3 was busy spamming New Zealand, Roosen said that all three mini-Emotet botnets\r\n(E1, E2, and E3) were targeting Japan. 
According to CERT Japan, these Emotet spam waves led to a tripling of\r\nEmotet sightings last week, causing experts to sound the alarm.\r\nImage: CERT Japan\r\nBut while Japan and New Zealand have been under heavy spam waves, things were lighter in France, where,\r\nRoosen said, Emotet spam waves haven't been at the same levels as in the other two countries.\r\nNonetheless, Emotet infected computers on the network of the Paris court system, turning heads, making\r\nheadlines, and triggering a state of emergency among French officials.\r\nThe French Interior Ministry reacted by blocking all Office documents (.doc) from being delivered via email, and\r\nFrance's cyber-security agency ANSSI followed through with an official cyber-security alert on Monday, urging\r\ngovernment agencies to pay attention to the emails they're opening.\r\nConversations hijacking\r\nAccording to all three alerts, the attacks appear to have been the same.\r\nEmotet operators used their old trick of infecting one victim and then stealing older email threads. 
The group\r\nwould then revive these old conversations, add malicious files as attachments, and target new users with a\r\nlegitimate-looking conversation.\r\nUsers who were part of the conversations, or those added on, would often open the malicious file attachments added to the\r\nemail thread out of curiosity and get infected.\r\nIn the recent campaigns that targeted France, Japan, and New Zealand, Emotet appears to have used Windows\r\nWord documents (.doc) and password-protected ZIP archive files as the malicious email attachments, attacks that\r\nhave been seen targeting companies in other countries as well.\r\nAll three security alerts contain sound advice for anyone looking for ways to prevent or deal with Emotet\r\ninfections, regardless of the country of origin.\r\nAt one point or another, Emotet will switch targeting and go after other countries, as the botnet can send out spam\r\nin multiple languages, according to cyber-security firm Proofpoint.\r\nBut the best Emotet advice ZDNet can give is in regards to systems that have been found to be already infected. In\r\nthis case, companies should take down their entire networks and audit each system. This is because Emotet has\r\nfeatures that allow it to spread laterally to the entire network, and Emotet is also often used to download other\r\nmalware, including ransomware. Taking infected systems or the entire network offline while systems are scanned\r\nand re-imaged is the best way to avoid an even more costly security incident.\r\nSource: https://www.zdnet.com/article/france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.zdnet.com/article/france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks/"
	],
	"report_names": [
		"france-japan-new-zealand-warn-of-sudden-spike-in-emotet-attacks"
	],
	"threat_actors": [],
	"ts_created_at": 1775433986,
	"ts_updated_at": 1775826709,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cf956a72b582066222607c7b0466197baff89e39.pdf",
		"text": "https://archive.orkl.eu/cf956a72b582066222607c7b0466197baff89e39.txt",
		"img": "https://archive.orkl.eu/cf956a72b582066222607c7b0466197baff89e39.jpg"
	}
}