Over the past two weeks, we observed that QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus, and that the Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients’ network was breached and data was stolen.

For more articles, check out our #onpatrol4malware blog.

Franken-phish: TodayZoo built from other phishing kits

Source: Microsoft

A phishing kit built from pieces of code copied from other kits, some of which are sold by publicly accessible scam sellers and others reused and repackaged by kit resellers, provides rich insight into the state of the economy that drives phishing and email threats today. Read more.

Walking on APT31 infrastructure footprints

Source: Sekoia

APT31 (aka Zirconium or Judgment Panda) is an Advanced Persistent Threat group whose mission is likely to gather intelligence on behalf of the Chinese government. Read more.

FBI system hacked to email ‘urgent’ warning about fake cyberattacks

Source: BleepingComputer

The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients’ network was breached and data was stolen. Read more.

QAKBOT Loader Returns With New Techniques and Tools

Source: TrendMicro

QAKBOT operators resumed email spam operations towards the end of September after an almost three-month hiatus. QAKBOT detection has become a precursor to many critical and widespread ransomware attacks. Read more.

Emotet Returns

Source: ISC SANS

Back in January 2021, law enforcement and judicial authorities worldwide took down the Emotet botnet. Although some Emotet emails still went out in the weeks after that, those were remnants from the inactive botnet infrastructure. Read more.

Bogus JS libraries become sustained ransomware threat for Roblox gamers

Source: Malwarebytes Lab

If your kids play Roblox, you may wish to warn them of ransomware perils snapping at their heels. A very smart and determined attack has been taking place for a little while now. Read more.

Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes

Source: sysdig

The Sysdig Security Research team has identified the famous Muhstik Botnet with new behavior, attacking a Kubernetes Pod with the plan to control the Pod and mine cryptocurrency. Read more.

Attackers use domain fronting technique to target Myanmar with Cobalt Strike

Source: SecureList

Cisco Talos discovered a malicious campaign using an obfuscated Meterpreter stager to deploy Cobalt Strike beacons in September 2021. The actor used a domain owned and operated by the Myanmar government, the Myanmar Digital News network. Read more.