Qakbot returns in fresh assault on hospitality sector

The Qakbot botnet was disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft's threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry.
Qakbot, also known as Qbot, started as banking malware but has since evolved into a versatile vehicle for malware and ransomware distribution.
Its long-term survival and success are attributed to its operators' periodically altering their tools and tactics, pausing spamming attacks for extended periods before returning with modified strategies.
In August, the US Department of Justice successfully disrupted the Qakbot botnet by seizing 52 servers and removing the malware loader from over 700,000 victim computers worldwide.
At the time, the DOJ seized over $8.6 million in cryptocurrency from the wallets of the Qakbot cybercriminal organization and identified compromised account credentials, while the FBI also gained access to Qakbot infrastructure, uncovering files related to botnet operation, ransomware victims, and details about ransomware attacks.
Disruption does not equal annihilation, and a resurgence of Qakbot distribution efforts was to be expected.
The Microsoft Threat Intelligence team recently identified a new Qakbot phishing campaign, the first since the takedown.
First observed on December 11, the campaign was small and targeted the hospitality industry via email.
The email came from a sender pretending to be an IRS employee and contained a PDF named GuestListVegas.
The analysts added that the DLL payload was created on the same day the campaign started, and provided two IP addresses defenders can block to prevent the malware from running.


This Cyber News was published on www.helpnetsecurity.com. Publication date: Mon, 18 Dec 2023 13:13:22 +0000

