Nov 14, 2021

Emotet strikes Quebec’s Department of Justice: An ESET Analysis

The cyberattack, which affected 14 inboxes belonging to the Department of Justice, was confirmed by ESET researchers
ESET’s team of malware researchers in Montreal, in collaboration with journalist Hugo Joncas, helped shed light on a cyberattack that affected the Quebec Department of Justice. 
Indeed, on August 11 and 12, the Department of Justice suffered a cyberattack in which threat actors used malicious software to compromise 14 inboxes under the Department’s jurisdiction. The attackers were thus able to access the emails addressed to these mailboxes. Alexis Dorais-Joncas (no relation), director of ESET’s R&D office in Montreal, reported that the hackers used a version of the Emotet malware, whose malicious campaigns have been running for several years.
In the case of this latest attack, the hackers used the stolen information to spread their malware in a particularly insidious manner. Cybercriminals sent seemingly legitimate messages to those who contacted the afflicted mailboxes, apparently originating from the Department, and included malicious attachments. “We have to assume that all messages sent to these accounts were stolen,” says Dorais-Joncas. 
In addition to the data of citizens who contacted the department, the union Syndicat de professionnelles et professionnels du gouvernement du Québec points out that “the hackers allegedly stole the personal information of approximately 300 active and inactive employees (retired or now working elsewhere).”
ESET telemetry shows a significant peak in Emotet detections in Canada during the month of August.

This corresponds to the period when the Department of Justice was targeted. Given the modus operandi of Emotet’s campaigns, it is likely that other companies and organizations were also targeted. 
This is a good time, as always, to develop or review your organization’s strategy in the event of a security incident. Whatever the type of emergency, planning is your ally. Just like your fire plan, your security incident strategy will ensure a more effective and coordinated response when needed. And unlike your fire escape plan, when it comes to cyberattacks, the question is not whether you will use your plan, but when you will.
You may not think your organization would be a potential target for bad actors, but think again. If you have electronic data, it has value to cybercriminals, regardless of your organization’s size, industry or revenue.
According to Dorais-Joncas: “The incident at the Department of Justice is a reminder to all organizations dealing with personal data. An information leak is not always the result of a targeted and sophisticated attack. Indeed, the simple act of opening a malicious attachment can lead to the theft of the entire contents of the email inbox. A prepared organization can quickly circumscribe the breach, identify the extent of the damage and go into notification mode to warn people whose personal data has been compromised.”
RELATED READING: Now is the best time to craft your breach response 
Your security breach strategy should contain several important elements.  Here are some key elements to include: 
There is always concern if you suspect that you may have been the victim of a data breach like this. However, users who have contacted the Department by email do not have to wait to receive notification from the Department if one is forthcoming. Simple security measures, and increased attention, are your best allies.   
Alexis Dorais-Joncas explains: “If you have exchanged emails with the Registries and Certification Branch of the Department of Justice in the past, you need to be even more vigilant than usual. If you receive an email that appears to be from the Department and contains an attachment, do not open it. Instead, contact the Department by telephone to confirm whether or not the communication is legitimate.” These tips echo the Department’s press release, which invites the public to contact their Client Contact Centre at 1-866-536-5140 (option 4) for any inquiries regarding this incident. 
RELATED READING: Would you get hooked by a phishing scam? Test yourself
If you are concerned that your personal information may have been stolen as part of this Emotet campaign, or as a result of another security incident, here are some tips to follow. 

