QakBot threat actors are still operational after the August takedown

Despite an international law enforcement operation in August aimed at dismantling the QakBot botnet, threat actors behind the malware are still active, says Cisco Talos. The group has carried out a phishing campaign since early August distributing Ransom Knight ransomware and Remcos RAT, which appears to be mostly targeting users in Italy. Experts speculate that the operation, named ‘Duck Hunt,’ did not impact the botnet’s spam delivery infrastructure.