The board of mafianeindanke reports as follows on what has happened since the first fraudulent e-mails emerged. A note: the previous status updates are not changed; all newly added status updates contain changes or additions to the previously published information.
Status Update 3, 16.6.2022, 15:30:
In the meantime, mafianeindanke has identified the source of the problems and the fraudulent spam mails. It is the malware Emotet, which is contained in the zip file attached to the spam mails. Emotet often spreads via existing email communication, which was previously copied from the systems of the attacked victims. When the zip file is opened, Emotet installs itself unnoticed on the system of private individuals or organisations, accesses e-mail traffic and begins to send spam mails from its own e-mail servers. It should be noted once again that, although it looks as if Emotet is sending spam from the mailbox of the persons concerned, an Emotet-owned mail address is behind it. The impression might be that all accounts from which such mails are seemingly sent have been infected, but this is rather unlikely. Since the problems began, mafianeindanke has also observed infected mails from association members who proceeded correctly, never opening the spam mails and deleting them directly.
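The mismatch described above, a familiar sender name in front of an address that person never uses, combined with a zip attachment, can be checked on the recipient side. The following Python code is an added example and not part of mafianeindanke's report; the address book, names, addresses and sample messages are constructed, and the two checks are an assumption about what such a triage would look for.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed address book (assumption): display name -> address the contact really uses.
KNOWN_CONTACTS = {"anna example": "anna@association.example"}


def triage(raw, contacts=KNOWN_CONTACTS):
    """Return findings for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg.get("From", "")))
    findings = []
    # A familiar name in front of an address that contact never uses.
    expected = contacts.get(name.strip().lower())
    if expected and addr.lower() != expected:
        findings.append("display-name-mismatch")
    # A zip attachment, identified by file name or declared content type.
    for part in msg.walk():
        filename = (part.get_filename() or "").lower()
        if filename.endswith(".zip") or part.get_content_type() == "application/zip":
            findings.append("zip-attachment")
            break
    return findings


def build_sample(from_header, attach_zip):
    """Build a constructed test message; the attachment is an empty zip archive."""
    m = EmailMessage()
    m["From"] = from_header
    m["To"] = "member@association.example"
    m["Subject"] = "Re: Meeting minutes"
    m.set_content("Please see the attached file.")
    if attach_zip:
        empty_zip = b"PK\x05\x06" + b"\x00" * 18
        m.add_attachment(empty_zip, maintype="application",
                         subtype="zip", filename="minutes.zip")
    return m.as_string()


if __name__ == "__main__":
    spoofed = build_sample("Anna Example <mailer@unrelated.example>", True)
    genuine = build_sample("Anna Example <anna@association.example>", False)
    print(triage(spoofed))
    print(triage(genuine))
```

A message that raises both findings matches the pattern in this report and should be deleted unopened; a zip attachment alone from the expected address still deserves confirmation through another channel.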
According to information from mafianeindanke, this malware is very widespread. For this reason, it is unlikely that it was used specifically against mafianeindanke because of the association’s activities; rather, the association fell victim to the software by chance. So far, no one has claimed responsibility for the attack or started a possible blackmail attempt, as often happens. There are no indications so far that, apart from the mail histories found in the spam emails, any other sensitive or personal data has been lost or used to harm mafianeindanke beyond the spam emails. mafianeindanke complies with all obligations under the applicable data protection laws and will in any case file a report with the authorities.
More information about Emotet can be found on the Internet; a German source we recommend can be found under this link: https://www.bsi.bund.de/DE/Themen/Verbraucherinnen-und-Verbraucher/Cyber-Sicherheitslage/Methoden-der-Cyber-Kriminalitaet/Sonderfall-Emotet/sonderfall-emotet_node.html
A side note to the members of mafianeindanke: despite the continuing spam mails, e-mail traffic within the association is still possible and can be continued without hesitation. There is no evidence that sending e-mails leads to an increase in the volume of spam.
Status Update 2, 15.06., 19:15
Talks with our email providers revealed no anomalies. At the same time, it became clear today that an employee of mafianeindanke received an email yesterday on his private account at 15:30 and opened the attachment, a zip file, in his browser. This email came from a company that is now facing the same issue as mafianeindanke, but has no relation to mafianeindanke. We are not yet able to determine if and how this email is the cause of the email problem. However, this does not suggest a targeted attack on mafianeindanke’s infrastructure, which is why we have adjusted the headline above.
Status update 15.06., 12:30
– It is now known that at least one e-mail box, presumably an internal mafianeindanke account, was hacked. The fact that the spam e-mails contain subject lines and partly also text contents from earlier e-mails indicates this. The extent to which the mailbox was hacked is not known.
– The passwords of the mailbox and other accounts have been changed.
– mafianeindanke has contacted the two providers of the email webspaces that the association currently uses or had contracted until February 2022. The current provider has not found any evidence, while the former provider has not yet given any feedback.
– Mafianeindanke has called in expert advice to clarify the consequences of the incident as soon as possible and to comply with data protection obligations.
– It is not advisable to document spam emails and send them to mafianeindanke, as this can potentially lead to an extension of the spam chain.
First report (14.06., 22:30)
Unfortunately, mafianeindanke was the target of a partially successful hacker attack today. What exactly happened and from where the attack started is currently unclear, which is why mafianeindanke explicitly points out that the following information only reflects the current state of information (14.06.2022, 22:30). While a solution is being worked on at the highest priority, the association informs as follows:
– Unknown persons had gained access to a list of e-mail addresses. These include internal association addresses as well as those of members and other contacts of mafianeindanke. At the moment there is no evidence that one or more mailboxes were directly accessed. mafianeindanke is still in control of all association accounts, including the club’s internal mailboxes.
– As a result of the hacker attack, mafianeindanke members or contacts of mafianeindanke receive spam emails that look as if they were sent directly from mafianeindanke or other association members and contacts. They also look deceptively real (e.g. because of the subject) and usually contain an attachment. It is suspected that opening the attachment will continue the spam chain, which unfortunately has already happened several times.
– The recommendation of the association’s board is to immediately delete all suspicious emails that members or contacts of mafianeindanke receive directly or indirectly, and under no circumstances to open or download the attachment. The passwords of affected email accounts should be changed in any case, even if you have not opened the attachment.
– mafianeindanke is working on the solution with the highest priority, which also includes informing the responsible authorities. However, due to the dynamics, it is not foreseeable how long the attack will last.
– The affected email addresses continue to work and communication is possible, but internal email communication should be avoided. If possible, other channels should be used; those affected can also contact the mafianeindanke telephone, which is available Mon-Fri from 10am-5pm by telephone and if necessary also outside these hours via Signal/Telegram/Whatsapp.
– There is currently no indication that any sensitive or personal data other than email addresses has been affected.
mafianeindanke apologises to those affected for any inconvenience caused.
This information is also shared in abbreviated form on mafianeindanke’s social media channels. The information and recommendations are valid until an update is made to this page, for which we will provide ongoing updates through the usual channels.
The board of mafianeindanke