Qbot malware returns in campaign targeting hospitality industry
Posted: Mon Dec 18, 2023 3:33 pm
The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer.
In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's servers and mapped out the botnet's infrastructure.
After gaining access to the botnet's encryption keys used for malware communication, the FBI was able to hijack the botnet to push a custom Windows DLL module to infected devices. This DLL executed a command that terminated the QakBot malware, effectively disrupting the botnet.
While a phishing service that was used to distribute the Qbot malware has seen activity since the disruption, there was no distribution of the QakBot malware until this past Monday, when the new phishing campaign started.
[...]
Qbot malware returns in campaign targeting hospitality industry
In August, a multinational law enforcement operation called Operation Duck Hunt accessed the QakBot admin's servers and mapped out the botnet's infrastructure.
After gaining access to the botnet's encryption keys used for malware communication, the FBI was able to hijack the botnet to push a custom Windows DLL module to infected devices. This DLL executed a command that terminated the QakBot malware, effectively disrupting the botnet.
While a phishing service that was used to distribute the Qbot malware has seen activity since the disruption, there was no distribution of the QakBot malware until this past Monday, when the new phishing campaign started.
[...]
Qbot malware returns in campaign targeting hospitality industry