IBM noticed that hundreds to thousands of Active Directory users were locked out of their companys domain by the QakBot Banking malware. The malware was designed to target businesses and steal money from bank accounts. IBM X-Force has seen the malware cause AD lockouts in affected organizational networks. The recent campaigns mainly targeted the US business banking services, including treasury, corporate banking, and commercial banking. Experts observed the malware targeting Active Directory domains by performing three specific actions:. It would perform automated logon attempts, some launched using accounts that do not exist.”]
Source: https://securityaffairs.co/wordpress/59714/malware/qakbot-banking-malware-ad-attacks.html

