QakBot Malware Operators Tenacious Despite Setbacks
• QakBot malware operators have continued to conduct their phishing campaigns despite disruptions.
• Since early August 2023, these phishers have been responsible for delivering the Ransom Knight (aka Cyclops) ransomware and Remcos RAT.
• These recent events suggest the law enforcement operations only impacted a portion of the QakBot infrastructure and not their spam delivery mechanisms.
Malware Operators’ Resilience
Despite law enforcement’s best efforts to disrupt the QakBot malware infrastructure, those sneaky keyboard warriors managed to keep on truckin’. They have been linked to an ongoing phishing campaign since early August 2023.
Legacy of Damage: Ransom Knight and Remcos RAT
What’s their special way of saying “How do you do?” you ask? Well, they’ve been delivering the Ransom Knight (so nicknamed for its chivalrous dedication to causing digital chaos) or, as it’s also known, Cyclops ransomware, and Remcos RAT, the digital rodent wreaking havoc in its wake.
Law Enforcement Strikes… Strike One?
Now, here is where it gets interesting. It seems the law enforcement agencies did their bit and tried to disrupt this digital delinquency known as the QakBot infrastructure. But guess what? The QakBot operators might just be playing a better game of hide and seek than previously thought.
Pinpointed Missteps: Limited Impact of Law Enforcement Action
The way it looks, all their action against these miscreants might not have had the impact they were hoping for. It seems they only managed to disrupt a little bit of their operation. The spam delivery infrastructure remains untouched and as active as a squirrel on caffeine.
So, there you have it folks. The QakBot malware operators have managed to stay afloat despite law enforcement’s best knock, knock jokes, err… operations to disrupt their activities. These digital villains have kept their operations buzzing, continuing their phishing campaigns and delighting us all with the ‘gifts’ of the Ransom Knight (or Cyclops) ransomware and Remcos RAT. And it appears the enforcers’ action only managed to disrupt a portion of their operation. It’s like trying to catch smoke with your bare hands. Time will tell if they manage to finally squelch this underbelly of the digital world.
Original Article: https://thehackernews.com/2023/10/qakbot-threat-actors-still-in-action.html