On November 20, 2023, Cofense researchers published a report on a phishing campaign spreading DarkGate and PikaBot that leverages tactics previously used to deploy QakBot.
Cofense researchers stated, “This campaign disseminates a high volume of emails to a wide range of industries, and due to the loader capabilities of the malware delivered, targets can be at risk of more sophisticated threats like reconnaissance malware and ransomware.”
Cofense researchers also noted:
- evasive tactics in the campaign such as leveraging hijacked email threads
- multiple droppers and loaders
- adaptive methods by threat actors over time
DarkGate reporting by the community has risen significantly in the second half of 2023. Members have reported phishing campaigns delivering DarkGate that use Microsoft Teams and Skype themes as lures.
Interestingly, PikaBot has only been observed and reported once by the RH-ISAC community, in early November 2023.
QakBot, also called Qbot, previously ranked as a top malware family reported by the RH-ISAC community and was shut down as part of a coordinated law enforcement effort in August 2023.