Qakbot's backbot: FBI-led takedown keeps crims at bay for just 3 months

2023-12-19 09:26

Multiple sources are confirming the resurgence of Qakbot malware mere months after the FBI and other law enforcement agencies shuttered the Windows botnet.

Microsoft Threat Intelligence reckons a new Qakbot phishing campaign is active as of December 11 but attack attempts are currently low in volume.

Germán Fernández, security researcher at CronUp, said the same PDF template was used by Pikabot operators just days earlier - Windows malware that shares many similarities with Qakbot.

Two researchers at Proofpoint, Tommy Madjar and Pim Trouerbach, also confirmed they had spotted updated Qakbot activity, but the new features only amount to "Minor tweaks."

August saw the conclusion of Operation Duck Hunt with what authorities said at the time was a takedown of Qakbot, seizing its infrastructure and 20 of its operators' crypto wallets.

"What we need to recognize is that malware networks like Qakbot are businesses for the bad guys who operate a fluid and flexible business model. It means they can spin up new opportunities quickly to continue their lucrative activities, and bring online new resources to keep their businesses running. These organizations anticipate infrastructure being brought down and they are prepared to resurface like a Phoenix."

News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/19/qakbot_returns/

#FBI #takedown