Cybersecurity researchers observed new Qakbot activity targeting the hospitality industry last week.
According to a Saturday post on X (formerly Twitter) by CronUp cyber threat intelligence specialist Germán Fernández, the new attacks are characterized by low volume and have been traced back to a campaign labeled tchk06, Version 0x500.
Fernández identified a specific delivery chain in which the malicious files progress through email, PDF, URL and MSI.
Notably, these malicious files are signed with the signature “SOFTWARE AGILITY LIMITED.” The PDF template used in these attacks is the same as the one recently used by the PikaBot malware.
So, we have new #Qakbot activity with low-volume attacks targeting the hospitality industry 🔥.
EMAIL > PDF > URL > MSI (#Signed by “SOFTWARE AGILITY LIMITED”). Campaign: tchk06, Version: 0x500.
PDF template is the same one used by #PikaBot a few days ago, of course.
Some… pic.twitter.com/PYW6uGO5mi
— Germán Fernández (@1ZRR4H) December 16, 2023
Microsoft Threat Intelligence also reported on the Qakbot phishing campaigns on Saturday, identifying their start on December 11. The phishing attempts were notably subtle, with targets receiving a PDF from an imposter posing as an IRS employee.
On the same day, Zscaler ThreatLabz shed light on the technical aspects of the renewed Qakbot, revealing it to be a 64-bit version using AES for network encryption. The malware sends POST requests to the path /teorema505, indicating a shift in tactics compared to earlier iterations.
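As an added illustration (not code from Infosecurity, Zscaler or any researcher quoted here), the sketch below hunts proxy logs for the POST path reported above and groups matches by internal client. The log layout, the sample lines and the function names are constructed assumptions; only the path /teorema505 comes from the article.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Indicator from the article: the renewed Qakbot sends POST requests to this path.
C2_PATH = "/teorema505"

# Assumed log layout (constructed): <timestamp> <client_ip> <method> <url> <status>
LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+([A-Z]+)\s+(\S+)\s+(\d{3})$")

# Constructed sample lines using documentation-reserved addresses.
SAMPLE_LOG = """\
2023-12-16T09:14:02Z 10.0.4.21 GET http://example.test/index.html 200
2023-12-16T09:14:07Z 10.0.4.21 POST http://203.0.113.10/teorema505 200
2023-12-16T09:15:11Z 10.0.7.9 POST https://198.51.100.7:443/%74eorema505?x=1 200
2023-12-16T09:15:30Z 10.0.7.9 GET http://example.test/teorema505 404
2023-12-16T09:16:00Z 10.0.4.21 POST http://203.0.113.10/teorema505/ 502
malformed line without fields
2023-12-16T09:17:45Z 10.0.8.3 POST http://example.test/api/teorema5050 200
"""


def normalise_path(url):
    """Return the percent-decoded, lower-cased path without query or trailing slash."""
    # Lower-casing and decoding deliberately broaden the match for hunting purposes.
    path = unquote(urlsplit(url).path).lower().rstrip("/")
    return path or "/"


def find_c2_posts(log_text):
    """Map client IP -> list of (timestamp, destination host) for matching POSTs."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, client, method, url, _status = m.groups()
        # Exact path comparison avoids flagging look-alikes such as /api/teorema5050.
        if method == "POST" and normalise_path(url) == C2_PATH:
            hits[client].append((ts, urlsplit(url).hostname))
    return dict(hits)


if __name__ == "__main__":
    for client, events in find_c2_posts(SAMPLE_LOG).items():
        print(client, events)
```

Failed responses (such as the 502 in the sample) are kept on purpose: a blocked or broken beacon still identifies a host that needs triage.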
The significance of this Qakbot resurgence lies in its adaptation to evade prior disruption efforts, using a familiar PDF template to exploit vulnerabilities within the hospitality sector.
The new attacks are a notable development following efforts to dismantle the malware earlier this year. Notably, Operation Duck Hunt, an FBI-led initiative, successfully shut down Qakbot malware on August 30 2023.
Despite the apparent success of this operation, subsequent reports in October highlighted that the Qakbot gang remained active, indicating the persistent challenges in completely eradicating such threats.
Infosecurity will continue to follow developments regarding the QakBot malware and provide updates about the latest attacks as soon as they’re available.