Skip to Content.
Sympa Menu

edugain-discuss - [eduGAIN-discuss] Malicious emails spreading in our community

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

[eduGAIN-discuss] Malicious emails spreading in our community


Chronological Thread 
  • From: eduGAIN Security Team <abuse AT edugain.org>
  • To: edugain-discuss AT lists.geant.org
  • Subject: [eduGAIN-discuss] Malicious emails spreading in our community
  • Date: Fri, 23 Oct 2020 15:30:17 +0200

Dear colleagues,

some of you may have notice malicious emails sent to different eduGAIN
mailing lists, such as eduGAIN discuss. The eduGAIN Security Team
investigated and confirm they are caused by a malware called Emotet.

Emotet is currently the leading malspam affecting our community. The
malware continues to improve and is capable of sending context-aware
phishing. In other words, someone on any eduGAIN list may have a real,
legitimate, ongoing email thread with a trusted party (directly or via a
mailing list). This email thread is then hijacked by the attacker in
order to add a phishing email with a link or attachment as part of the
conversation. Once a victim has clicked on the malicious link or
attachment, and the malware is deployed, the email inbox of the victim
is leveraged to spread the malware further.

More details are available here:
https://www.kryptoslogic.com/blog/2019/04/emotet-scales-use-of-stolen-email-content-for-context-aware-phishing/

These content-aware phishing emails are typically very difficult to
detect and block, because they involved genuine users and email threads.
Make sure you treat emails securely. Never open unexpected attachments
or links. Never "Enable Content" on a downloaded Microsoft Office
document.

If you believe you have clicked on a malicious link or attachment or
have been exposed, or you are not sure about a particular link or
attachement, please contact immediately your local security team. The
eduGAIN Security Team is also available should you need any additional
help, see https://edugain.org/edugain-security/

Daniel Kouril, on behalf of the eduGAIN Security Team

Attachment: signature.asc
Description: PGP signature



  • [eduGAIN-discuss] Malicious emails spreading in our community, eduGAIN Security Team, 10/23/2020

Archive powered by MHonArc 2.6.19.

Top of Page