Resources to help you navigate the changing regulatory landscape

Cybersecurity and Infrastructure Security Agency logo

CISA & FBI Publish Joint Advisory on QakBot Infrastructure

The Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI) has released a joint Cybersecurity Advisory (CSA) — Identification and Disruption of QakBot Infrastructure — to help organizations detect and protect against newly identified QakBot-related activity and malware.

QakBot — also known as Qbot, Quackbot, Pinkslipbot, and TA570 — is responsible for thousands of malware infections globally.

Originally used as a banking trojan to steal banking credentials for account compromise, QakBot — in most cases — was delivered via phishing campaigns containing malicious attachments or links to download the malware, which would reside in memory once on the victim network. QakBot has since grown to deploy multiple types of malware, trojans, and highly-destructive ransomware variants targeting the United States and other global infrastructures, including the Election Infrastructure Subsector, Financial Services, Emergency Services, and Commercial Facilities Sectors.

CISA and FBI urge organizations to implement the recommendations contained within the joint CSA to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections. To report incidents and anomalous activity, please contact one of the following organizations:

Organizations are also encouraged to visit CISA’s Malware, Phishing, and Ransomware and pages—StopRansomware provides a range of free U.S. government resources and services that can help bolster cyber hygiene, cybersecurity posture and reduce risk to ransomware, and contains an updated Joint #StopRansomware Guide.

Credit unions are reminder that if they should uncover an episode/event, a credit union should:

  • Give notice of the incident to its respective regulatory authority.
  • Notify the CISA through its operations center ( or call 1-888-282-0870.
  • Review if data/information has been compromised. If so, then a credit union should report the incident to the local Federal Bureau of Investigations (FBI) field office.

Also, as a reminder, beginning on September 1, 2023, all federally insured credit unions must notify the National Credit Union Administration (NCUA) as soon as possible, and no later than 72 hours, after the credit union reasonably believes it has experienced a reportable cyber incident or received a notification from a third party regarding a reportable cyber incident. (See NCUA Issues Guidance on Cyber Reporting Rule for FICUs)

Access the ‘Compliance Hotline’
Your League-member benefits include the Compliance Hotline — providing exclusive access to dedicated compliance experts:

Using the above phone number and email address, you can gain access to a knowledgeable team that’s ready to address all your credit union’s compliance inquiries — promptly and efficiently. With the Compliance Hotline, you can proactively respond to impromptu questions and issues by getting clarity and insight on technical topics that normally slow you down. We want to help you unlock the full potential of your League membership by leveraging the resources and support you need to navigate the complex world of compliance effortlessly. We’re ALWAYS just a phone call or email away!

Additionally, other League-member compliance resources include:

  • ViClarity
  • CU PolicyPro
  • ComplySight
  • InfoSight
  • CU Store
  • Record Retention Guide
  • GRC Technology Solutions

For more information, email Lisa Quaranta.

Powered by ViClarity, a California and Nevada Credit Union Leagues company.


Become an Industry Supporter

Get membership information

Please contact me about compliance

Contact me about Credit Union Solutions

Education & Professional Development