FBI takes down Qakbot

The FBI has taken down Qakbot, one of the largest and longest-running botnets to date. The botnet was used by ransomware gangs to infect over 700,000 computers worldwide, causing hundreds of millions of dollars in damage.

The FBI was able to take down Qakbot by infiltrating the botnet’s infrastructure and redirecting traffic to servers controlled by the agency. This allowed the FBI to deploy an uninstaller to compromised devices, clearing the infection and preventing the deployment of additional malicious payloads.

Qakbot, which was run by a group of organized hackers, targeted essential infrastructure and businesses in many nations, collecting financial information and login passwords.

The multinational inquiry, which was also funded by Eurojust, included judicial and law enforcement officials from France, Germany, Latvia, the Netherlands, Romania, the United Kingdom, and the United States. The operation was dubbed “Duck Hunt,” and it took control of servers used for the botnet.

According to Martin Estrada, a U.S. attorney, this operation is the biggest one led by the DOJ against a botnet. Qakbot has been involved in 40 ransomware attacks in the last 18 months, costing victims over $58 million. Qakbot, which started as a banking trojan in 2007, is now a sophisticated malware used by cybercriminal groups to prepare compromised networks for ransomware.

Qakbot is commonly spread through phishing emails posing as legitimate documents. Federal investigators accessed an online panel that let them control the botnet and obtained court orders to remove Qakbot from infected systems, which numbered over 700,000 in the past year, including 200,000 in the U.S.

The FBI also seized almost $9 million in cryptocurrency from the Qakbot cybercriminal organization. This money will be made available to victims of ransomware attacks.

The sources for this piece include an article in BleepingComputer.
