VERY IMPORTANT

A prominent campaign using QBot ran from March to the end of June this year. We assumed that the campaign was stopped to allow those behind QBot to conduct further malware development, but we did not imagine that it would return so quickly. Towards the end of July, one of today's most serious cyber threats, the Emotet Trojan, returned to full activity and launched multiple malspam campaigns, impacting 5% of organizations globally. Some of these campaigns included installing an updated version of Qbot on victims' PCs. A few days later, Checkpoint identified a newer Qbot sample dropped by latest Emotet campaign, which led to discovering a renewed command and control infrastructure and brand new malware techniques distributed through Emotet’s infection process. Qbot’s malspam campaign resumed earlier in August, spreading globally and infecting new targets.