On Thursday, hundreds of US organizations received emails masquerading as messages from the Democratic National Committee but secretly carrying the Emotet malware in an attempted spear-phishing attack. The email claimed to be recruiting Democratic volunteers, with the subject line “Team Blue Take Action.” The operators behind Emotet keep up with current events and leverage them to raise the success rate of their phishing attempts. Recently, Emotet has been hidden in fake emails built around everything from COVID-19 to Greta Thunberg and climate change.
The threat actor responsible, however, had never directly used political themes in its spear-phishing campaigns until Thursday’s emails. The emails contained Word document attachments that fraudulently claimed to be volunteer applications with the same subject line. When a victim opens the attachment, their computer becomes infected with Emotet. According to researchers, the message body of the email was copied directly from a page on the DNC website.