The Qakbot malware operation, also known as Qbot or Pinkslipbot, remains a significant threat despite a recent law enforcement raid called “Operation Duck Hunt” that targeted its infrastructure.
The FBI’s operation only affected the group’s command and control servers, leaving its spam delivery infrastructure intact. The Qakbot malware group, which began as a banking trojan operation and evolved into a botnet used to stage ransomware attacks, is still active and may choose to rebuild its infrastructure. Since August 2023, researchers from Cisco’s Talos unit have observed the group running a campaign that uses phishing attacks to distribute the Ransom Knight ransomware and the Remcos RAT. In this campaign, Qakbot has inserted malicious messages into existing email conversations and downloaded three different malicious payloads, including modules for password stealing, network scanning, and sending spam emails. The campaign uses LNK files in phishing emails, with filenames written in Italian, suggesting a focus on users in that region.
Security teams should take Qakbot infections seriously, as they can be a precursor to a ransomware attack. Cisco Talos has released a report on this ongoing ransomware campaign. Sophos recommends caution when dealing with unusual or unexpected emails and suggests using security technologies to prevent Qakbot infections.
Despite the law enforcement operation’s impact on the Qakbot group’s command and control servers, its spam delivery infrastructure remains unaffected. The Qakbot threat actors have been linked to an ongoing phishing campaign since August 2023, delivering the Ransom Knight ransomware and the Remcos RAT. Although there is no evidence of Qakbot malware distribution since the infrastructure takedown, the malware is assessed as likely to continue to pose a significant threat in the future. The threat actors may choose to rebuild the Qakbot infrastructure to fully resume their pre-takedown activity. Security measures, such as caution when handling suspicious emails and the use of security technologies, are recommended to mitigate the risk of Qakbot infections.