Ukrainian cyberpolice exposed hacker group distributing Emotet malware

Hacker group distributing Emotet
Written by Emma Davis

The cyber police of Ukraine exposed a transnational hacker group that were distributing Emotet, one of the most dangerous current malwares.

According to the press service of the Ministry of Internal Affairs of Ukraine, this virus caused $2.5 billion in damage to banks and financial institutions in the United States and Europe.

Hackers with the help of virus software carried out massive interference into the servers of private and public institutions in Europe and the United States of America. As a result of such “activities” banks have suffered $2.5 billion in losses. Attackers face up to 12 years in prison.said representatives of the national police of Ukraine.

According to the investigation, a group of hackers from Ukraine since 2014 was using a malicious software, the so-called encryption virus (“banking Trojan”), designed to steal personal data – passwords, logins and payment data. This group carried out massive interference in the operation of servers of private and government banking institutions of Great Britain, Germany, Austria, Switzerland, the Netherlands, Lithuania and the USA.

The Emotet infrastructure included servers located all over the world and was actually a BOT network. The “virus” was spreading through spam mailings, Word documents, Excel documents, etc. The emails looked like a warning about account security, an invitation to a party, and even a warning against the spread of COVID-19.

Having infiltrated the software, the virus used the “infected” technique for further distribution, and also installed additional viruses on the device.

As a result, malicious software stole users’ personal data, including passwords, logins, browser history, payment and banking information and so on. Later the attackers transferred money to their controlled accounts.


Cyber police, together with law enforcement officers of foreign states, simultaneously conducted searches on the territory of Ukraine, the Netherlands, Germany, France, Lithuania, Canada, the USA and Great Britain.

According to the results, server equipment, computer equipment, information carriers containing information about the companies that were targets for attacks were seized. Also, bank cards, money, “rough” records with passwords, logins and keys to encrypted services were seized.

It is noted that the activity of the Emotet botnet, which was located on more than 90 servers in different countries of the world, is currently completely blocked.

Let me remind you that Emotet uses parked domains to distribute payloads.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

About the author

Emma Davis

I'm writer and content manager (a short time ago completed a bachelor degree in Marketing from the Gustavus Adolphus College). For now, I have a deep drive to study cyber security.

Leave a Reply