Qakbot returns in fresh assault on hospitality sector

2023-12-18 12:45

The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft's threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry.

In August, the US Department of Justice has successfully disrupted the Qakbot botnet by seizing 52 servers and removing the malware loader from over 700,000 victim computers worldwide.

At the time, the DOJ seized over $8.6 million in cryptocurrency from the wallets of the Qakbot cybercriminal organization and identified compromised account credentials, while the FBI also gained access to Qakbot infrastructure, uncovering files related to botnet operation, ransomware victims, and details about ransomware attacks.

Disruption does not equal annihilation, and a resurgence of Qakbot distribution efforts was to be expected.

The Microsoft Threat Intelligence team recently identified a new Qakbot phishing campaign, the first since the takedown.

"The PDF contained a URL that downloads a digitally signed Windows Installer. Executing the MSI led to Qakbot being invoked using export 'hvsi' execution of an embedded DLL," the analysts noted.

News URL

https://www.helpnetsecurity.com/2023/12/18/qakbot-phishing-hospitality-industry/