A new campaign allowed QBot to infect numerous corporate users

October 19, 2022

Researchers revealed that an ongoing threat campaign has enabled the QBot malware to infect over 800 corporate users since September. QBot is an infostealer with backdoor and self-propagating capabilities that has been operating for over a decade.

Some threat actors have used the malware as an initial delivery vehicle for malicious cyberattacks.

Its recent campaign exploited the Follina vulnerability, leading to remote code execution against numerous targets. A couple of years ago, the primary strategy adopted by the QBot operators was email thread hijacking.

Email thread hijacking is a method that many threat actors have used across several waves of attacks, and it is still effective today.

Based on reports, QBot steals email archives from compromised devices and uses the stolen emails in subsequent mailings. The attackers use the information obtained from the stolen emails to deceive victims into opening the malicious emails.

 

The QBot operators have already infected nearly 2,000 users since the start of October.

 

According to researchers, about 2,000 users were observed to be infected with the QBot malware from September 28 to October 7. Most of the compromised victims were corporate users, among whom the malware has the potential to propagate further.

The most affected countries are India, Italy, Germany, and the United States, since they are the prioritised targets of the QBot operators.

Additionally, there are approximately 220 victims from the United States, 95 of whom are corporate users. These infections could lead to the exposure of organisational information that the attackers can use for more illegal activities.

Cybersecurity experts recommend that every employee be cautious about incoming emails, especially unsolicited ones. Employees should also be wary of opening such messages accidentally, since most of these emails carry a backdoor that could automatically infect a system.

The researchers could not pinpoint the exact number of potentially affected entities and the type of industry targeted by the QBot campaign. Therefore, all organisations should look out for these incoming emails to mitigate the chances of getting compromised by malicious actors.
