FBI Takes Down Qakbot, a Notorious Cyber Threat

Los Angeles, USA: The FBI and the Justice Department announced on August 29 that they had disrupted and dismantled the malware and botnet known as Qakbot..

The multinational operation took place in the United States, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom. Apparently, it is one of the largest U.S.-led disruptions of a botnet infrastructure used by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.

“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” said FBI Director Christopher Wray.

“The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”

How the Malware Worked

The Qakbot malware infected victim computers primarily through spam emails that contained malicious attachments or links.

After a user downloaded or clicked the content, Qakbot delivered additional malware—including ransomware—to their computer.

The computer also became part of a botnet (a network of compromised computers) and could be controlled remotely by botnet users. All the while, a Qakbot victim is typically unaware that their computer had been infected. Hence, the name ‘zombie computers.’

Since its creation in 2008, Qakbot malware has been used in ransomware attacks and other cybercrimes that caused hundreds of millions of dollars in losses to individuals and businesses in the U.S. and abroad.

Operation Duck Hunt

As part of the operation, the FBI gained lawful access to Qakbot’s infrastructure and identified over 700,000 infected computers worldwide—including more than 200,000 in the U.S.

To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file.

This uninstaller—created to remove the Qakbot malware—untethered infected computers from the botnet and prevented the installation of any additional malware.

Disruption of Qakbot a Success to Law Enforcement

“All of this was made possible by the dedicated work of FBI Los Angeles, our Cyber Division at FBI Headquarters, and our partners, both here at home and overseas,” said Wray.

“The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful.”

The disruption of Qakbot is a significant victory for law enforcement in the fight against cybercrime. It demonstrates the FBI’s ability to track down and disrupt even the most sophisticated cybercriminal networks. It also sends a message to cybercriminals that they will be held accountable for their actions.

U.S. Attorney Martin Estrada, representing the Central District of California, has unveiled a significant breakthrough. The operation not only dismantled the Qakbot cybercriminal organization but also led to the forfeiture of nearly $9 million in cryptocurrency.

This substantial amount is now earmarked to provide restitution to the victims who suffered at the hands of this malevolent group.

Protecting Yourself from Malware

• Use antivirus software and keep it updated.
• Avoid opening email attachments or clicking on links from unknown or suspicious sources.
• Back up your data regularly and store it offline or on a separate device.
• Use strong passwords and enable multi-factor authentication for your online accounts.
• Report any suspected cyber incidents to the FBI’s Internet Crime Complaint Center at www.ic3.gov.

RESOURCES

FBI