FBI takes down Qakbot


The FBI has taken down Qakbot, one of the largest and longest-running botnets to date. The botnet was used by ransomware gangs to infect over 700,000 computers worldwide, causing hundreds of millions of dollars in damage.

The FBI was able to take down Qakbot by infiltrating the botnet’s infrastructure and redirecting traffic to servers controlled by the agency. This allowed the FBI to deploy an uninstaller to compromised devices, clearing the infection and preventing the deployment of additional malicious payloads.

Qakbot, which was run by a group of organized hackers, targeted essential infrastructure and businesses in many nations, collecting financial information and login passwords.

The multinational inquiry, which was also funded by Eurojust, included judicial and law enforcement officials from France, Germany, Latvia, the Netherlands, Romania, the United Kingdom, and the United States. The operation was dubbed “Duck Hunt,” and it took control of servers used for the botnet.

According to Martin Estrada, a U.S. attorney, this operation is the biggest one led by the DOJ against a botnet. Qakbot has been involved in 40 ransomware attacks in the last 18 months, costing victims over $58 million. Qakbot, which started as a banking trojan in 2007, is now a sophisticated malware used by cybercriminal groups to prepare compromised networks for ransomware.

It is commonly spread through phishing emails posing as legitimate documents. Federal investigators accessed an online panel that let them control the botnet and obtained court orders to remove Qakbot from infected systems, which numbered over 700,000 in the past year, including 200,000 in the U.S.

The FBI also seized almost $9 million in cryptocurrency from the Qakbot cybercriminal organization. This money will be made available to victims of ransomware attacks.

The sources for this piece include an article in BleepingComputer.

