The PikaBot malware has been added to the already complicated phishing campaign that is transmitting the darkGate malware infections, making it the most sophisticated campaign since the Qakbot operation was taken down.
The phishing email campaign began in September 2023, right after the FBI took down the Qbot (Qakbot) infrastructure.
In a report recently published by Cofense, researchers explain that the DarkGate and Pikabot operations employ strategies and methods that are reminiscent of earlier Qakbot attacks, suggesting that the threat actors behind Qbot have now shifted to more recent malware botnets.
“This campaign is undoubtedly a high-level threat due to the tactics, techniques, and procedures (TTPs) that enable the phishing emails to reach intended targets as well as the advanced capabilities of the malware being delivered,” the report reads.
This presents a serious risk to the organization because DarkGate and Pikabot are modular malware loaders that have many of the same features as Qbot, and Qbot was one of the most widely used malware botnets that were spread by malicious email.
Threat actors would likely utilize the new malware loaders, like Qbot, to get initial access to networks and carry out ransomware, espionage, and data theft assaults.
The DarkGate and Pikabot Campaign
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents