The Qakbot botnet was disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft's threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry.
Qakbot, also known as Qbot, started as banking malware but has since evolved into a versatile vehicle for malware and ransomware distribution.
Its long-term survival and success are attributed to its operators' periodically altering their tools and tactics, pausing spamming attacks for extended periods before returning with modified strategies.
In August, the US Department of Justice successfully disrupted the Qakbot botnet by seizing 52 servers and removing the malware loader from over 700,000 victim computers worldwide.
At the time, the DOJ seized over $8.6 million in cryptocurrency from the wallets of the Qakbot cybercriminal organization and identified compromised account credentials, while the FBI also gained access to Qakbot infrastructure, uncovering files related to botnet operation, ransomware victims, and details about ransomware attacks.
Disruption does not equal annihilation, and a resurgence of Qakbot distribution efforts was to be expected.
The Microsoft Threat Intelligence team recently identified a new Qakbot phishing campaign, the first since the takedown.
First observed on December 11, the campaign was small and targeted the hospitality industry via email.
The email came from a sender pretending to be an IRS employee and contained a PDF named GuestListVegas.
Microsoft's analysts added that the DLL payload was created on the same day the campaign started, and provided two IP addresses that defenders can block to prevent the malware from running.
This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 18 Dec 2023 13:13:22 +0000