Qakbot malware has reportedly returned, even though the FBI says it took the botnet down. Researchers are now seeing Qakbot operators back in action.
Qakbot Malware Returns
The FBI's operation against the Qakbot malware operators might not have been as successful as initially thought: in true comic book fashion, the cyber-villains are back, and with a vengeance.
Cybersecurity researchers from Cisco Talos recently released a new report stating that QakBot operators are very likely behind a new phishing campaign (active since August this year) whose main goal is to deliver the Cyclops and Remcos RATs (remote access trojans).
“The law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure but rather only their command and control (C2) servers,” the report reveals.
FBI’s Announcement in Late August 2023
The news follows an announcement in late August 2023 from FBI Director Christopher Wray, who at the time spoke about taking down one of the biggest and most disruptive botnets around in Operation Duck Hunt.
“The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast,” Wray stated in the video. “This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe.”
Threat Actors Have Been Distributing Other RATs
While the researchers at Talos link the campaign to QakBot affiliates, they stressed that the threat actors have been distributing other RATs rather than the QakBot loader itself. “Though we have not seen the threat actors distributing Qakbot post-infrastructure takedown, we assess the malware will likely continue to pose a significant threat moving forward,” Venere stated.
“We see this as likely as the developers were not arrested and are still operational, opening the possibility that they may choose to rebuild the Qakbot infrastructure.”
What You Should Know About QakBot
QakBot is a piece of malware that is more than a decade old, and is also known as Qbot or Pinkslipbot. It targets Windows-powered endpoints and has reportedly evolved heavily through the years to, among many other things, deliver ransomware as well.