SquirrelWaffle Leverages Malspam to Deliver Qakbot, Cobalt Strike
Threat is spreading widely via spam campaigns, infecting systems with a new malware loader.
![Chart showing daily volume of spam emails delivering SquirrelWaffle between Sept and Oct 2021.](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltaa1cdd29c3774669/64f15137717d600556b8713a/tm-nov9.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
SquirrelWaffle is a new malware loader that infects systems using malicious documents delivered via a link in an email message. Threat actors use the malware loader to establish an initial foothold on systems and their network environments. The adversaries can then either download additional types of malware or further compromise the network, depending on how they choose to monetize the attack. In many cases, SquirrelWaffle is being used to infect systems with Qakbot and the penetration-testing tool Cobalt Strike.
Beginning in mid-September, Cisco Talos observed malspam campaigns delivering malicious Microsoft Office documents designed to infect systems with SquirrelWaffle. The messages typically contain hyperlinks to malicious ZIP archives hosted on attacker-controlled Web servers. The chart above illustrates the volumetric trajectory of these campaigns between Sept. 1 and Oct. 15, 2021. Due to the prevalence of these campaigns, organizations should be aware of how SquirrelWaffle could be used to further compromise corporate networks.