US officials announced on Tuesday that a worldwide law enforcement operation had dismantled the "Qakbot" malware platform, a significant cybercrime triumph. Qakbot, a malicious software used in financial crimes, has long worried cybersecurity professionals and law police.
Over a decade ago, Qakbot was discovered spreading malicious and boobytrapped emails to unsuspecting victims. This cyber threat's complexity and broad usage make it a problem for security and law enforcement.
The US, France, Germany, the Netherlands, Britain, Romania, and Latvia participated in the "Duck Hunt," according to the US Department of Justice. The FBI was crucial to this worldwide anti-cybercrime endeavor.
Global Collaboration Against Cybercrime
US Attorney Martin Estrada said the Qakbot operation was a milestone in the Department's technical and financial botnet operations. Botnets are infected computers used by hackers to spread malware.
"Together we have taken down Qakbot and saved countless victims from future attacks," Estrada remarked during a news conference after the anti-cybercrime operation victory, as quoted in a Reuters report.
Security professionals think that Qakbot, which is believed to have origins in Russia, has targeted companies worldwide, from Germany to Argentina. Its effects have caused financial losses and security breaches across sectors.
Estrada revealed that Qakbot malware infected over 700,000 victim PCs, allowing ransomware assaults and costing hundreds of millions of dollars to companies, healthcare providers, and government organizations.
Read Also: Apple Chief Security Officer Thomas Moyer Facing Bribery Charges Again
The operation also seized 52 US and international servers. Investigators found that Qakbot's operators collected $58 million in ransoms between October 2021 and April 2023.
The strategy helped the FBI eliminate the Qakbot botnet. The FBI used lawful access to Qakbot's infrastructure to divert internet traffic to FBI servers. This method directed affected PCs to download a law enforcement uninstaller. This uninstaller disconnected victims' PCs from Qakbot, preventing malware installation.
Today, #FBI Director Christopher Wray announced a Bureau-led operation that crippled a long-running botnet. Just in the past year, this botnet infected approximately 700,000 computers. Learn how the FBI restored control to victims: https://t.co/RVEwdGBFzu pic.twitter.com/yCXhK5pDtl
— FBI (@FBI) August 29, 2023
How Did Qakbot Operate?
The FBI and its international partners identified over 6.5 million victims as part of "Operation Duck Hunt," and over 6.5 million victims had their stolen credentials successfully recovered. The confiscation of the servers permanently dismantled the botnet.
Ransomware gangs have used Qakbot, also known as "Qbot" or "Pinkslipbot," since 2008. Malware is hidden in spam emails with attachments or links, according to Forbes. The infected machines constitute a botnet that attackers may remotely control.
Qakbot has recently become well-known among infamous ransomware gangs such as Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.
Qakbot's damaging efforts affect several industries. They include an Illinois power engineering business, Alabama, Kansas, and Maryland financial services companies, a Maryland military manufacturing company, and a Southern California food distributor.
The US State Department's Rewards for Justice program offers up to $10 million for Qakbot's operators' identification, according to a Tech Crunch report.
Related Article: Emergence of AI: Analyst Explains the Importance of Regulating AI Technologies
