AdvisoriesCISAAA23-242AAugust 30, 2023
August 30, 2023
QakBot, a long-standing cyber threat also known as Qbot or Pinkslipbot, has been causing numerous malware infections worldwide since at least 2008. Originally a banking trojan, it has evolved into a versatile botnet capable of various malicious activities, including data theft and ransomware distribution. QakBot's modular design enables it to persist in the digital environment, and compromised devices are often sold to further the attacker's objectives. It has targeted critical sectors such as finance, emergency services, and elections infrastructure, prompting the FBI and CISA to recommend implementing mitigation measures to prevent QakBot infections and identify related threats. Disrupting QakBot does not eliminate other installed malware, so prompt incident response is crucial.
September 5, 2023
Three persistence techniques were exposed in the advisory: a registry run key to restart the malware when the computer reboots, a particular directory where the malware is stored on disk, and a specific registry key containing runtime configuration for the malware. By emulating these three techniques, you can determine how your endpoint defense will respond. Ideally, an EDR will notice the high-profile events and prevent the associated process from continuing.
Be immediately notified of new advisories and associated security tests
AdvisoryCISAAA24-207AJuly 25, 2024
