"Qakbot Ducks for Cover With New Tactics"

New research on the Qakbot malware network reveals that bots in the network turn over at a high rate and that the average lifespan of a bot or command-and-control (C2) server is typically only a few days. Qakbot is considered ancient: it has been active since 2007 and has evolved significantly over the years, from a traditional banking Trojan into a malware delivery platform and ransomware network. As defenses have evolved and improved over the past few years, Qakbot operators have modified their strategies, delivery methods, and the types of malicious attachments they use in their spam emails. The most significant change came at the beginning of 2023, with the transition from macro-laden attachments to Microsoft OneNote files. In recent months, there have been major increases in Qakbot activity, which is typical for a cyclical network. Although the spam runs and intrusions primarily target enterprise users, many C2 nodes are located on consumer devices, which is one of the defining characteristics of the Qakbot network. Qakbot is one of the most resilient and persistent malware networks currently active, and its operators have demonstrated the ability to adapt their tactics as necessary. This article continues to discuss new findings regarding the Qakbot malware network.

Decipher reports "Qakbot Ducks for Cover With New Tactics"
