The Emotet malware gang is now using a tactic that has been previously seen used by nation-state hackers. The group has been spotted this week reviving old email conversation threads and injecting links to malicious files. Users involved in the previous email exchanges would receive an email spoofed to appear from one of their previous correspondents, but actually coming from Emotet servers. The email conversation thread would be left intact, but the Emotet gang would insert an URL at the top of the email that would link to an Emotet-infected file, or attach a malicious document to the existing email thread.
Source: ZDNet