HUNT FOR EMOTET BOTNET LEADER BECOMES A DETECTIVE SERIES

An international law enforcement alliance has launched a large-scale operation, named Operation Endgame, to capture the leader of one of the largest botnets – Emotet.

A video appeared on the Web in which investigators urge the public to provide any information about the identity of a hacker known under the nickname "ODD". This figure has used many pseudonyms over the years.

The video briefly recounts the history of Emotet – a network of infected computers that has twice been the target of law enforcement action.

The call for assistance followed a series of successful operations this week in which members of hacker groups engaged in spreading malware were arrested. Law enforcement officers described these achievements in previous videos.

Indirect information suggests that the investigation already has some clues about ODD. Authorities indicate that they hold data on his possible accomplices and suggest that he may be involved in other illegal operations besides Emotet. However, the details are not disclosed.

Although the Emotet botnet has been operating for about ten years, almost nothing is known about the real people behind it. ESET links it to a hacker group tracked as Mealybug, or TA542, depending on the source. But these groups do not appear in the CISA report.

The scale of the threat that Emotet posed to cyberspace for years has been much better documented. Starting out as an ordinary banking trojan, it grew into one of the largest botnets on the Internet, serving as a platform for distributing other malware, loaders and ransomware.

After the first attempt to neutralize Emotet in January 2021, the German authorities used the botnet's own infrastructure to push out a removal tool that deleted the malware from infected machines. This controversial step ran counter to the policy of other countries, for example Great Britain.

In November of the same year, Emotet resumed activity after a 10-month break, this time using the TrickBot botnet infrastructure – the reverse of the earlier situation, when TrickBot was spread through Emotet. Nevertheless, Emotet never regained its previous scale, and at present all of its command-and-control servers are offline.

It is not yet clear how much law enforcement officers know about ODD's current activities. But it is known that such operations have recently often relied on tactics of psychological pressure on cybercriminals.
