Security News > 2021 > December > Emotet starts dropping Cobalt Strike again for faster attacks
Right in time for the holidays, the notorious Emotet malware is once again directly installing Cobalt Strike beacons for rapid cyberattacks.
Earlier this month, Emotet began to test installing Cobalt Strike beacons on infected devices instead of their regular payloads.
Cryptolaemus is now warning that starting today, the threat actors have once again begun installing Cobalt Strike beacons to devices already infected by Emotet.
Roosen told BleepingComputer that Emotet is now downloading the Cobalt Strike modules directly from its command and control server and then executing them on the infected device.
With Cobalt Strike beacons directly installed by Emotet, threat actors who use them to spread laterally through a network, steal files, and deploy malware will have immediate access to compromised networks.
The rapid deployment of Cobalt Strike through Emotet is a significant development that should be on the radars of all Windows and network admins and security professionals.