Despite the takedown of the Qakbot threat gang’s infrastructure by the FBI in late August, some of the group’s affiliates are still deploying ransomware through phishing campaigns, according to Cisco Talos. Talos threat researchers found new evidence that a threat actor linked to the Qakbot malware loader (also known as QBot or Pinkslipbot) has been conducting a campaign since early August 2023 in which it has been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails.

Source: Infosecurity