Codefense published a temporal analysis correlating the rise in observed DarkGate and PikaBot events with the FBI-led dismantlement of the Qbot infrastructure in late August 2023. According to Codefense, the first DarkGate payloads were observed in July 2023, shortly before the FBI operation. Since September 2023, however, the frequency and intensity of these events have increased considerably. At the same time, in October 2023, there were reports of a presumed resurgence of Qbot, leading to the hypothesis that the Qbot network may not have been completely eradicated. If the hypothesis of a succession from Qbot to DarkGate and/or PikaBot is confirmed, tracking these two malware variants becomes critical to mitigating the risk of initial intrusion and preventing its potential consequences, including ransomware deployment.
Clipeus