On May 26th, between roughly 14:37 and 14:47 UTC, Qakbot’s tier two distribution server was “mysteriously” taken down. The threat group that runs Qakbot, which Binary Defense tracks as Durak Group, apparently didn’t notice that their server was gone until they began gearing up for their new campaign early in the morning of May 27th. As a result, there was no malicious spam distribution campaign on May 27th. However, it took Durak Group only a day to spin up a new server, and malware distribution through email resumed on May 28th in a campaign that the threat actors labeled spx128.