Like a zombie, Qakbot’s back.

Share This Post

In a not-so-unexpected turn of events, Qakbot is back. Just a short time after the August takedown of the notorious group, researches have found that these threat-actors are still active. In fact, they may have never actually been inactive, as an attack campaign that was active DURING the takedown, is still active.

The current campaign involves two primary pieces of malware:

  • Ransom Knight – a Ransomware as a Service malware being delivered via .lnk files that are set to download this malware upon execution.
  • Remcos backdoor – a remote access trojan allowing persistent access for further attacks even after ransomware has been deployed.

As always, the best defense against Qakbot attacks is education. Qakbot is primarily delivered via email attachments, and users should be made aware of this and educated on how to handle these emails. Additionally, Qakbot is exceptionally evasive and persistent. Any indication that it may have been unleashed on your network requires prompt, diligent and thorough threat-hunting and eradication.

For more more information on Qakbot’s Halloween-appropriate undead act see this article: https://www.darkreading.com/attacks-breaches/qakbot-infections-continue-even-after-high-profile-raid



Reach out to our incident response team for help

More To Explore

Information Security News – 07/06/26

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation Article Link: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html ‘Djinn’ Stealer Targets Cloud, AI Credentials Article Link: https://www.darkreading.com/cyberattacks-data-breaches/djinn-stealer-targets-cloud-ai-credentials ChocoPoC Malware Targets

Information Security News – 6/29/26

SimpleHelp Bug Lets Hackers Create Rogue Remote Support Accounts Article Link: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ New macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer Article Link: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.