Welcome to our biweekly cybersecurity roundup. In these blog posts, we feature curated articles and insights from experts, providing you with valuable information on the latest cybersecurity threats, technologies, and best practices to keep yourself and your organization safe. Whether you’re a cybersecurity professional or a concerned individual, our biweekly blog post is designed to keep you informed and empowered.

For more articles, check out our #onpatrol4malware blog.

QakBot Malware Resurfaces with New Tactics, Targeting the Hospitality Industry

Source: The Hacker News

A new wave of phishing messages distributing the QakBot malware has been observed, more than three months after a law enforcement effort saw its infrastructure dismantled by infiltrating its command-and-control (C2) network. Read more.

PikaBot distributed via malicious search ads

Source: Malwarebytes LABS

In the past few days, researchers including ourselves have observed PikaBot, a new malware family that appeared in early 2023, distributed via malvertising. PikaBot was previously only distributed via malspam campaigns, similar to QakBot, and emerged as one of the preferred payloads for a threat actor known as TA577. Read more.

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant equipped with both flooder and backdoor capabilities. Read more.

Rhadamanthys v0.5.0 – A Deep Dive into the Stealer’s Components

In this article, we do a deep dive into the functionality of the modules and the cooperation between them. The first part of the article describes the loading chain that is used to retrieve the package with the stealer components. In the second part, we take a closer look at those components, their structure, abilities, and implementation. Read more.

Chinese APT Volt Typhoon Linked to Unkillable SOHO Router Botnet

Malware hunters in the United States have set eyes on an impossible-to-kill botnet packed with end-of-life SOHO routers serving as a covert data transfer network for Volt Typhoon, a Chinese government-backed hacking group previously caught targeting US critical infrastructure. Read more.

Gaza Cybergang | Unified Front Targeting Hamas Opposition

Source: SentinelLABS

SentinelLabs’ analysis reinforces the suspected ties between Gaza Cybergang and WIRTE, historically considered a distinct cluster with loose relations to the Gaza Cybergang. Read more.

Rhysida Ransomware

Source: ShadowStackRE

On December 12th, 2023, Rhysida claimed to have penetrated and encrypted Insomniac Games of Burbank, California. The studio, founded in 1994 and currently owned by Sony Interactive Entertainment, has been responsible for such hits as the recently released ‘Marvel’s Spider-man’ series and the ‘Ratchet & Clank’ series. Read more.