Qakbot banking trojan examined in Microsoft report
ZDNet reports that cyberattackers have begun leveraging the Qakbot banking trojan to deploy numerous ransomware variants.
Qakbot's modular nature has enabled attackers to mount campaigns that are difficult to detect, remove, and prevent. Qakbot primarily uses email attachments, links, and images to deliver payloads, although Visual Basic for Applications and legacy Excel 4.0 macros are also being used to infect machines, according to a report from the Microsoft 365 Defender Threat Intelligence Team. Microsoft added that Qakbot also seeks to move laterally across networks, use Cobalt Strike, and spread ransomware.
"Qakbot has a Cobalt Strike module, and actors who purchase access to machines with prior Qakbot infections may also drop their own Cobalt Strike beacons and additional payloads... Using Cobalt Strike lets attackers have full hands-on-keyboard access to the affected devices, enabling them to perform additional discovery, find high-value targets on the network, move laterally, and drop additional payloads, especially human-operated ransomware variants such as Conti and Egregor," said Microsoft.