Nearly 1,800 users around the world have been impacted by an ongoing Qbot malware campaign between Sept. 28 and Oct. 7, more than 800 of which are in corporate settings, reports SecurityWeek.
U.S., Italy, Germany, and India were most targeted by the new campaign, according to a Kaspersky report. Nearly half of the 220 U.S.-based victims were corporate users, who may have opened their organizations to increased cybersecurity risks.
"Employees should be especially careful now when communicating in business correspondence so as not to accidentally open a malicious file with Qbot," said Kaspersky Senior Security Researcher Victoria Vlasova. However, the findings were not able to ascertain the exact number of organizations impacted by the latest Qbot attacks or the industries that were most affected by the campaign.
Email thread hijacking has been one of the primary infection approaches of Qbot since 2020 but an attack earlier this year saw Qbot distributed through the exploitation of the Follina flaw in the Microsoft Support Diagnostic Tool.
Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.
Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.
BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news