An open discussion list for topics related to the eduGAIN interfederation service.

[eduGAIN Security Team <abuse AT edugain.org>]

Dear colleagues,

some of you may have notice malicious emails sent to different eduGAIN
mailing lists, such as eduGAIN discuss. The eduGAIN Security Team
investigated and confirm they are caused by a malware called Emotet.

Emotet is currently the leading malspam affecting our community. The
malware continues to improve and is capable of sending context-aware
phishing. In other words, someone on any eduGAIN list may have a real,
legitimate, ongoing email thread with a trusted party (directly or via a
mailing list). This email thread is then hijacked by the attacker in
order to add a phishing email with a link or attachment as part of the
conversation. Once a victim has clicked on the malicious link or
attachment, and the malware is deployed, the email inbox of the victim
is leveraged to spread the malware further.

More details are available here:
https://www.kryptoslogic.com/blog/2019/04/emotet-scales-use-of-stolen-email-content-for-context-aware-phishing/

These content-aware phishing emails are typically very difficult to
detect and block, because they involved genuine users and email threads.
Make sure you treat emails securely. Never open unexpected attachments
or links. Never "Enable Content" on a downloaded Microsoft Office
document.

If you believe you have clicked on a malicious link or attachment or
have been exposed, or you are not sure about a particular link or
attachement, please contact immediately your local security team. The
eduGAIN Security Team is also available should you need any additional
help, see https://edugain.org/edugain-security/

Daniel Kouril, on behalf of the eduGAIN Security Team

Attachment: signature.asc
Description: PGP signature