Qakbot malware returns, despite the FBI saying it took it out


The FBI’s mission against the dreaded Qakbot malware operators might not have been as successful as initially thought, as in true comic book fashion, the cyber-villains are back with a vengeance.

Cybersecurity researchers from Cisco Talos recently released a new report stating that QakBot operators are likely behind a brand new phishing campaign (active since August this year), whose goal is to deliver the Cyclops and Remcos RATs (remote access trojans).

“The law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure but rather only their command and control (C2) servers,” the report reads.

Operation Duck Hunt

The news follows an announcement in late August 2023 from FBI Director Christopher Wray, who spoke about taking down one of the biggest and most disruptive malicious botnets around in its Operation Duck Hunt.

"The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast," Wray said in the video. "This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe."

While Talos’ researchers link the campaign with QakBot affiliates, they stressed that the attackers have been distributing other RATs rather than the QakBot loader itself. "Though we have not seen the threat actors distributing Qakbot post-infrastructure takedown, we assess the malware will likely continue to pose a significant threat moving forward," Venere said.

“We see this as likely as the developers were not arrested and are still operational, opening the possibility that they may choose to rebuild the Qakbot infrastructure.”

QakBot is a piece of malware more than a decade old, sometimes also known as Qbot or Pinkslipbot. It targets Windows-powered endpoints and has evolved heavily over the years, among other things to deliver ransomware.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.