Qakbot malware returns, despite the FBI saying it took it out

Researchers are seeing Qakbot operators back in action


The FBI’s mission against the dreaded Qakbot malware operators might not have been as successful as initially thought, as in true comic book fashion, the cyber-villains are back with a vengeance.

Cybersecurity researchers from Cisco Talos recently released a new report stating that QakBot operators are likely behind a brand new phishing campaign (active since August this year), whose goal is to deliver the Cyclops and Remcos RATs (remote access trojans).

“The law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure but rather only their command and control (C2) servers,” the report reads.

Operation Duck Hunt

The news follows an announcement in late August 2023 from FBI Director Christopher Wray, who spoke about taking down one of the biggest and most disruptive malicious botnet networks around in its Operation Duck Hunt.

“The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast,” Wray said in the video. “This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe.”

While Talos’ researchers link the campaign with QakBot affiliates, they did stress that they’ve been distributing other RATs, rather than the QakBot loader itself. “Though we have not seen the threat actors distributing Qakbot post-infrastructure takedown, we assess the malware will likely continue to pose a significant threat moving forward,” Venere said.

“We see this as likely as the developers were not arrested and are still operational, opening the possibility that they may choose to rebuild the Qakbot infrastructure.”

QakBot is a piece of malware more than a decade old, sometimes also known as Qbot, or Pinkslipbot. It targets Windows-powered endpoints, and has evolved heavily through the years to, among other things, deliver ransomware, as well.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
