By: Mohamed Shawky – Nahla Makled
Tomorrow Unlocked, Kaspersky’s documentary production unit, is releasing the latest episode of its hacker:HUNTER series ‘Emotet vs The World Police’. The film reveals the details of an international operation, which resulted in the takedown of Emotet, one of the most dangerous botnets and cybercrime services of the past decade. The documentary is exclusively premiering on Tomorrow Unlocked’s YouTube channel on 18th August. This is the fifth episode in the hacker:HUNTER real cybercrime series.
Through the eyes of prosecutors and police officers from Germany, the Netherlands and Ukraine, the film recounts how international police cooperation brought down this extraordinary cyber-criminal business. Internationally recognized cyber security researchers add a broader perspective and try to predict what might come after Emotet. “The police were able to stop these criminals, because they started thinking like cybercriminals,” states a researcher, summing up the operation in the documentary.
Emotet essentially was at the forefront of the commoditization of network access, functioning as a background facilitator for cybercrime that happened around the globe. In some ways, Emotet was akin to the organized mob of the 20th century – offering the means to commit the crimes; in the later years of their operation, they never really carried out the attacks themselves, which made them hard to catch. Emotet opened up doors to cybercrime groups that launched severe attacks on various high-value targets and organizations that are often considered off-limits – such as hospitals.
First discovered in 2014, Emotet continually evolved and became extremely dangerous, with its operators maintaining and selling access and tools to hundreds of thousands of devices worldwide for those to be later infected with various malware, such as ransomware and banking Trojans. The botnet was spread through malicious attachments in spam messages – once such an attachment was opened, the device would be infected with malware and therefore open to infection with other threats. This approach, albeit quite common among various cyber actors, made Emotet stand out thanks to its immense scale.
Due to its vast decentralized infrastructure spread across multiple countries, Emotet was widely successful and almost impossible to take down. That is, until January 2021 when Europol announced the shutdown of Emotet’s operations and arrested key actors of the gang. The operation, sanctioned by Europol and executed in close cooperation between multiple governmental authorities from various countries in Europe and beyond, was a necessity in making the arrests of Emotet’s operations successful.