Qakbot Debuts New Technique

March 10, 2022

An infamous botnet with a rap sheet going back 15 years has been observed using a novel attack technique.

Qakbot, also known as Qbot, was observed by researchers at Sophos Labs inserting itself into the middle of active email threads, using the compromised accounts of victims whose systems had already succumbed to the malware.

Cyber-criminals have long used variants of Qakbot to steal data and conduct reconnaissance inside victims' networks.


In research published Thursday, the researchers explained that the malicious replies Qakbot inserted into conversations took the form of a reply-all message. The message contained a short sentence along with a link to download a zip file containing a malicious Office document.

The links may appear as plain URLs or as hotlinked text in the body of the email. Targets who follow the links and open the document become victims of the botnet.

Researchers Andrew Brandt and Steeve Gaudreault pointed out that Qakbot's ability to mimic genuine replies makes this new email insertion attack hard to spot.
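The traits described above (a reply-all, a short new sentence, a quoted original and a link to a zip download) can be checked mechanically in a mail filter. The following is an added example, not code from Sophos or from this article; the 40-word threshold, the `.zip` path test, the function names and the sample message are assumptions, and only the plain-text body is inspected.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.I)
QUOTE_START = re.compile(r">.*|On .+ wrote:|-+ ?Original Message ?-+")
MAX_NEW_WORDS = 40  # assumed cut-off for "a short sentence"

def split_reply(body):
    """Return (new text above the quoted original, whether a quote was found)."""
    kept = []
    for line in body.splitlines():
        if QUOTE_START.fullmatch(line.strip()):
            return " ".join(kept), True
        if line.strip():
            kept.append(line.strip())
    return " ".join(kept), False

def check_message(raw):
    """Score one RFC 5322 message against the traits listed in the article."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    fresh, quoted = split_reply(part.get_content() if part else "")
    links = [u.rstrip(".,;") for u in URL_RE.findall(fresh)]
    zips = [u for u in links if urlparse(u).path.lower().endswith(".zip")]
    rcpts = getaddresses([str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])])
    signals = {
        "is_reply": bool(msg["In-Reply-To"] or msg["References"]),
        "reply_all": len(rcpts) > 1,
        "quotes_original": quoted,
        "short_new_text": 0 < len(fresh.split()) <= MAX_NEW_WORDS,
        "zip_link": bool(zips),
    }
    return {"suspicious": all(signals.values()), "signals": signals, "links": zips}

# Constructed sample message (not taken from the Sophos research).
HIJACK = """\
From: alice@example.com
To: bob@example.com, list@example.com
Subject: Re: Concert announcement
In-Reply-To: <1234@example.com>

Hello, please see the document at the link below.
https://files.example.test/docs/announcement.zip
> The concert starts at 8 pm on Friday.
"""
if __name__ == "__main__":
    print(check_message(HIJACK))
```

Because the reply comes from a genuine, compromised mailbox, sender authentication results will look normal; a match here is a reason to hold the message for review, not proof of infection.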

They said: “Because the malware is so very good at executing this – quoting the first message just after its malicious reply – it can be tough for the targets of these attacks to figure out that the messages they get didn’t come from the human remaining who owns the email box wherever they originated.” 

In one attack, in which Qakbot sent a listserv announcement about a musical concert, the malware sent at least 3 different payloads, including a web injector for stealing login credentials and an ARP-scanning component that attempted to profile the network on which it was running.

The researchers noted that a Qakbot infection could be an omen that a further, more serious attack is about to occur.

“The presence of Qakbot infections, typically, also correlates highly with the precursor indicators that a ransomware attack might start out soon,” they wrote.

They added: “We’ve encountered Qakbot samples that supply Cobalt Strike beacons immediately to the infected host, supplying the operators of the botnet with a secondary earnings stream: At the time the Qakbot-functioning menace actors have employed the contaminated computer system to their pleasure, they can then lease out or promote obtain to the compromised network by transferring accessibility to these beacons to other menace actors.”


Some elements of this article are sourced from:
www.infosecurity-journal.com
