QakBot-Linked BC Malware Adds Enhanced DNS Tunneling and Remote Access Features

Summary: Cybersecurity researchers have uncovered a new BackConnect (BC) malware linked to the QakBot loader, which enhances the threat actors’ capabilities for persistence and exploitation. The malware utilizes modules like DarkVNC and IcedID to maintain remote access and gather system information. This development highlights the interconnected nature of cybercriminal groups, particularly between QakBot and the Black Basta ransomware operations.

Threat Actor: QakBot
Victim: Various targets

Key points:

  • BackConnect malware developed by QakBot actors enhances persistence and exploitation capabilities.
  • The malware operates on infrastructure previously associated with ZLoader and utilizes DNS tunneling for C2 communications.
  • Threat groups STAC5777 and STAC5143 have been linked to the use of Microsoft Teams for vishing attacks and remote access exploitation.
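The second key point notes that the BC malware tunnels its C2 traffic over DNS. The following detection heuristic is an added example written for this summary; it is not code from the article or from any of the malware families named above. It profiles DNS query logs per registered domain and flags domains whose subdomain labels look like encoded payload (long, high-entropy, almost never repeated, carried in payload-friendly record types). The log format, the sample lines, the domain `c2-example.test` and the thresholds are all constructed assumptions for illustration.

```python
"""Heuristic DNS-tunneling detector over a query log (added example, not from
the article). A tunnel encodes data in the qname, so per-domain statistics
show long, high-entropy, rarely repeated subdomain prefixes."""
import math
import re
from collections import defaultdict

# Constructed sample log, one query per line: "<epoch> <client_ip> <qname> <qtype>".
# The domain c2-example.test and all prefixes are made up for this example.
SAMPLE_LOG = """\
1706000001 10.0.0.5 www.example.com A
1706000002 10.0.0.5 mail.example.com MX
1706000003 10.0.0.7 k7x2p9qm4zw1vb8n.r3tg6yh5uj0ifdol.c2-example.test TXT
1706000004 10.0.0.7 a3s8d1f6g9h2j5k0.l4z7x0c9v2b5n8mq.c2-example.test TXT
1706000005 10.0.0.7 w1e4r7t0y3u6i9o2.p5a8s1d4f7g0h3jz.c2-example.test TXT
1706000006 10.0.0.9 cdn.example.org A
1706000007 10.0.0.7 z9x6c3v0b7n4m1q8.w5e2r9t6y3u0i7ok.c2-example.test TXT
1706000008 10.0.0.5 www.example.com A
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")

# Record types that can carry long answers and are therefore popular tunnel carriers.
PAYLOAD_QTYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; encoded payload scores far above hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname: str):
    """Return (subdomain prefix, registered domain). The registered domain is
    approximated as the last two labels; real deployments should consult the
    public suffix list instead (assumption / simplification)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (client_ip, qname, qtype) for every well-formed log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3), m.group(4)


def profile_domains(log_text: str) -> dict:
    """Aggregate per-domain features used by the tunneling heuristic."""
    acc = defaultdict(lambda: {"queries": 0, "prefixes": set(),
                               "prefix_len": 0, "entropy": 0.0, "payload": 0})
    for _client, qname, qtype in parse_log(log_text):
        prefix, domain = split_name(qname)
        body = prefix.replace(".", "")      # dots are structure, not payload
        s = acc[domain]
        s["queries"] += 1
        s["prefixes"].add(prefix)
        s["prefix_len"] += len(body)
        s["entropy"] += shannon_entropy(body)
        s["payload"] += qtype in PAYLOAD_QTYPES
    features = {}
    for domain, s in acc.items():
        q = s["queries"]
        features[domain] = {
            "queries": q,
            "distinct_ratio": len(s["prefixes"]) / q,   # ~1.0 when each query is unique
            "mean_prefix_len": s["prefix_len"] / q,
            "mean_entropy": s["entropy"] / q,
            "payload_ratio": s["payload"] / q,
        }
    return features


def flag_tunneling(log_text: str, min_queries=3, min_len=24,
                   min_entropy=3.5, min_distinct=0.8) -> list:
    """Domains whose query pattern exceeds every threshold (thresholds are assumptions)."""
    flagged = []
    for domain, f in profile_domains(log_text).items():
        if (f["queries"] >= min_queries
                and f["mean_prefix_len"] >= min_len
                and f["mean_entropy"] >= min_entropy
                and f["distinct_ratio"] >= min_distinct):
            flagged.append(domain)
    return sorted(flagged)


if __name__ == "__main__":
    for domain, f in profile_domains(SAMPLE_LOG).items():
        print(f"{domain:20} q={f['queries']} len={f['mean_prefix_len']:.1f} "
              f"H={f['mean_entropy']:.2f} distinct={f['distinct_ratio']:.2f} "
              f"payload={f['payload_ratio']:.2f}")
    print("flagged:", flag_tunneling(SAMPLE_LOG))
```

All four thresholds must be exceeded together: a CDN with hashed hostnames has high entropy but short prefixes and heavy repetition, while a legitimate TXT-heavy domain (mail authentication lookups) has low entropy. Tuning the thresholds against a baseline of the organisation's own resolver logs, and adding the `payload_ratio` feature as a tie-breaker, keeps the false-positive rate workable.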

Source: https://thehackernews.com/2025/01/qakbot-linked-bc-malware-adds-enhanced.html