BleepingComputer reports that the BlackCat and Quantum ransomware groups have been using the Emotet botnet to facilitate the delivery of their respective payloads.
According to a report from AdvIntel, Emotet has typically been part of Conti ransomware's arsenal since its revival last November, but the ransomware group's shutdown in June has prompted BlackCat and Quantum to take the reins. The report adds that the botnet is now being leveraged to install a Cobalt Strike beacon as a second-stage payload on compromised systems.
More than 1.2 million systems have been impacted by Emotet so far this year, with infections peaking between February and March. Since its emergence as a banking trojan eight years ago, Emotet has been used as a botnet by the TA542 threat group, also known as Mummy Spider.
Increasing activity prompted Emotet's transition to 64-bit modules in April, and the malware was then upgraded in June to include a credit card stealer.