Emotet attacks have targeted multiple state and local governments in the U.S. as part of potentially targeted campaigns. Cybersecurity and Infrastructure Security Agency says attacks have been ramping up since August. The malware is used to drop other malware families including the Trickbot (a known vector used to deploy both Ryuk and Conti ransomware) and the QakBot trojans. Since July 2020, CISA has observed increased EmOTet activity, with the EINSTEIN Intrusion Detection System detecting around 16,000 related alerts.
Source: https://www.bleepingcomputer.com/news/security/cisa-emotet-increasing-attacks-on-us-state-local-governments/