The infamous malware loader and initial access broker known as Bumblebee has resurfaced after a four-month absence as part of a new phishing campaign observed in February 2024. The enterprise security firm Proofpoint reported that the activity targets organizations in the US with voicemail-themed lures containing links to OneDrive URLs. "The URLs led to a Word file with names such as 'ReleaseEvans#96.docm' (the digits before the file extension varied)," the company said in a recent report. "Th
qakbot (8)
The malware loader PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. PikaBot was previously only distributed via malspam campaigns, similar to QakBot, and emerged as one of the preferred payloads for a threat actor known as TA577. The malware family, which first appeared in early 2023, consists of a loader and a core module that allows it to operate as a backdoor and a distributor for other payloads.
See: https://re
A criminal ransomware network connected to cyber-attacks on numerous US hospitals has been taken down by the FBI, according to a US Department of Justice press release. The attack hit over 200,000 computers across the US and caused hundreds of millions of dollars in damage. The FBI called it a duck hunt, taking down the hacking network called Qakbot. “Qakbot is one of the most successful, persistent and notorious botnets in the globe,” said US Attorney Martin Estrada. “Stopping cybercrime i
Qakbot was first observed in 2008. While it was originally a banking trojan, it has evolved over time to include gaining access, dropping additional malware, and performing other data-stealing, ransomware, and malicious activities across a network.
QakNote is the name of the new QakBot campaign. It was first reported on Twitter by Cynet researcher Max Malyutin, who explained that threat actors were experimenting with a new distribution method to replace the former use of ma
According to cyber security professionals, ZIP and RAR files have overtaken Office documents as the file type most used by cyber criminals to deliver malware, based on an analysis of real-world cyberattacks and data collected from millions of PCs. The research, drawn from customer data collected between July and September 2022, found that 42% of attempted malware deliveries used archive file formats, including ZIP and RAR.
That means cyberattacks attempting to exploit ZIP and RAR formats
The Qbot malware was first discovered in 2008 and it has been used for a variety of purposes. It boasts a couple of prolific campaigns in recent years, particularly in 2020, but recent events indicate that it might have a slightly different coat of paint. We’ll begin our exploration here with a little bit of history on the Qbot malware, but from there we will move on to discussing DLL usage manipulation in Windows. In particular, we’ll go over a little bit about DLL side-loading: what it is, how
Activity Summary - Week Ending on 22 July 2022:
- Red Sky Alliance identified 21,897 connections from new IPs checking in with our Sinkholes
- com 424x
- Analysts identified 1,504 new IP addresses participating in various Botnets
- Log4Shell update
- Vulnerabilities in Siemens JT2Go & Teamcenter Visualization
- QakBot
- Confucius Says
- Sewers held Hostage
- Attacks Shame, Scare Victims
- GPS Vulnerabilities
Link to full report: IR-22-203-001_weekly203.pdf
Activity Summary - Week Ending 17 September 2021:
- Red Sky Alliance identified 37,866 connections from new unique IP addresses
- Analysts identified 765 new IP addresses participating in various Botnets
- Compromised IP: 107.172.100.248
- Is it REvil or is it the Feds?
- BazarLoader
- QakBot
- BlackMatter and Cameras?
- Grayfly – an Arm of APT41
- EasyJet in the Crosshairs
- Just Who’s Winning the Cyber War?
- Tiananmen Square Memorials
Link to full report: IR-21-260-001_weekly_260.pdf