Security researchers have spotted QakBot malware used to lockout hundreds to thousands of Active Directory (AD) accounts across a number of enterprises.
According to IBM X-Force security researchers, “under certain domain configurations, the malware’s dictionary attack for accessing the target machines can result in multiple failed authentication attempts, which eventually trigger an account lockout.”
QakBot is also known as financial malware historically used to target businesses to drain bank accounts and also has worm capabilities to self-replicate via shared drives and removable media.Â