FBI Takes Down Qakbot, a Notorious Cyber Threat

person using silver laptop computer on desk. FBI takes down Qakbot, Malware

Los Angeles, USA: The FBI and the Justice Department announced on August 29 that they had disrupted and dismantled the malware and botnet known as Qakbot..

The multinational operation took place in the United States, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom. Apparently, it is one of the largest U.S.-led disruptions of a botnet infrastructure used by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.

“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” said FBI Director Christopher Wray.

“The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”

How the Malware Worked

The Qakbot malware infected victim computers primarily through spam emails that contained malicious attachments or links.

After a user downloaded or clicked the content, Qakbot delivered additional malware—including ransomware—to their computer.

The computer also became part of a botnet (a network of compromised computers) and could be controlled remotely by botnet users. All the while, a Qakbot victim is typically unaware that their computer had been infected. Hence, the name ‘zombie computers.’

Since its creation in 2008, Qakbot malware has been used in ransomware attacks and other cybercrimes that caused hundreds of millions of dollars in losses to individuals and businesses in the U.S. and abroad.

Operation Duck Hunt

As part of the operation, the FBI gained lawful access to Qakbot’s infrastructure and identified over 700,000 infected computers worldwide—including more than 200,000 in the U.S.

To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file.

This uninstaller—created to remove the Qakbot malware—untethered infected computers from the botnet and prevented the installation of any additional malware.

Disruption of Qakbot a Success to Law Enforcement

“All of this was made possible by the dedicated work of FBI Los Angeles, our Cyber Division at FBI Headquarters, and our partners, both here at home and overseas,” said Wray.

“The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful.”

The disruption of Qakbot is a significant victory for law enforcement in the fight against cybercrime. It demonstrates the FBI’s ability to track down and disrupt even the most sophisticated cybercriminal networks. It also sends a message to cybercriminals that they will be held accountable for their actions.

U.S. Attorney Martin Estrada, representing the Central District of California, has unveiled a significant breakthrough. The operation not only dismantled the Qakbot cybercriminal organization but also led to the forfeiture of nearly $9 million in cryptocurrency.

This substantial amount is now earmarked to provide restitution to the victims who suffered at the hands of this malevolent group.

Cybersecurity Resources

You can use the following resources provided by FBI to check if your email was compromised.

1. To check Qakbot breached email accounts. You need the access key sent to you by Spamhause.

2. Have I been pwned? Check if your email address is in a data breach

3. Polotie. Check your hack

Enter your email address. If your e-mail address is included in one of the datasets, you will receive an e-mail from the police within a few minutes.

Protecting Yourself from Malware

  • Use antivirus software and keep it updated.
  • Avoid opening email attachments or clicking on links from unknown or suspicious sources.
  • Back up your data regularly and store it offline or on a separate device.
  • Use strong passwords and enable multi-factor authentication for your online accounts.
  • Report any suspected cyber incidents to the FBI’s Internet Crime Complaint Center at www.ic3.gov.



Discover more from Biztech Lens

Subscribe to get the latest posts to your email.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Enjoy this blog? Please spread the word :)

Discover more from Biztech Lens

Subscribe now to keep reading and get access to the full archive.

Continue reading