Qakbot Threat Actors Deliver Knight Ransomware & Remcos Via LNK Files

9 October 2023

Talos researchers moderately believe Qakbot threat actors remain active, launching a recent campaign with Cyclops/Ransom Knight ransomware and the Remcos backdoor, tracked through LNK file metadata connections to past campaigns. Talos researchers used LNK file metadata to trace threat actors, linking the “AA” and “BB” campaigns in January 2023. After their report, Qakbot actors in the “AA,” “BB,” and “Obama” campaigns began removing LNK file metadata to evade detection and tracking.

Source: GBHackers

Date:

9 October 2023

Categorie(s):

NEWS

Tag(s):

Cyber Security News, Files, Qakbot, Ransomware, Via

No more 12345: devices with weak passwords to be banned in UK28 April 2024
20 Best Linux Password Managers in 202428 April 2024
Reliable Web App Pattern: Now Optimizes Azure Migration with Enhanced Infrastructure and Security28 April 2024
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks28 April 2024
Good Security Is About Iteration, Not Perfection.28 April 2024