FBI-Led Operation Dismantles Notorious Qakbot Malware

A global operation led by the FBI has dismantled one of the most notorious cybercrime tools used to launch ransomware attacks and steal sensitive data.

U.S. law enforcement officials announced on Tuesday that the FBI and its international partners had disrupted the Qakbot infrastructure and seized nearly $9 million in cryptocurrency in illicit profits.

Qakbot, also known as Qbot, was a sophisticated botnet and malware that infected hundreds of thousands of computers around the world, allowing cybercriminals to access and control them remotely.

“The Qakbot malicious code is being deleted from victim computers, preventing it from doing any more harm,” the U.S. Attorney’s Office for the Central District of California said in a statement.

Martin Estrada, the U.S. attorney for the Central District of California, and Don Alway, the FBI assistant director in charge of the Los Angeles field office, announced the operation at a press conference in Los Angeles.

Estrada called the operation “the largest U.S.-led financial and technical disruption of a botnet infrastructure” used by cybercriminals to carry out ransomware, financial fraud, and other cyber-enabled crimes.

“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” Estrada said.

Law enforcement agencies from France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia took part in the operation, code-named Duck Hunt.

“These actions will prevent an untold number of cyberattacks at all levels, from the compromised personal computer to a catastrophic attack on our critical infrastructure,” Alway said.

As part of the operation, the FBI was able to gain access to the Qakbot infrastructure and identify more than 700,000 infected computers around the world, including more than 200,000 in the United States.

To disrupt the botnet, the FBI first seized the Qakbot servers and command and control system. Agents then rerouted the Qakbot traffic to servers controlled by the FBI. That in turn instructed users of infected computers to download a file created by law enforcement that would uninstall Qakbot malware.

         

leave a reply: