On August 29, a joint operation led by the FBI and the U.S. Justice Department was announced, aimed at disrupting and dismantling the notorious Qakbot malware and botnet. This multinational effort, involving law enforcement agencies in the United States, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom, marks a significant achievement in countering cybercriminals who have utilized Qakbot for ransomware attacks, financial fraud, and various other cyber-enabled criminal activities.
Neutralizing a Global Threat
“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” stated FBI Director Christopher Wray. The impact of this operation was extensive, with victims ranging from financial institutions on the East Coast to critical infrastructure government contractors in the Midwest and medical device manufacturers on the West Coast.
Understanding Qakbot Malware
Qakbot malware primarily infiltrated victim computers through malicious attachments or links in spam emails. Once a victim downloaded or clicked these elements, Qakbot delivered additional malware, including ransomware, to the infected computer. Meanwhile, the compromised computer became part of a botnet, allowing cybercriminals to control it remotely. Victims were often unaware of their computer’s infection.
Since its inception in 2008, Qakbot has been responsible for a slew of ransomware attacks and other cybercrimes, resulting in hundreds of millions of dollars in losses to individuals and businesses in the United States and around the world.
The Command-and-Control Infrastructure
“This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds of thousands of computers used to carry out attacks against individuals and businesses all around the globe,” Director Wray emphasized.
Disrupting the Botnet
As part of the operation, the FBI secured lawful access to Qakbot’s infrastructure, identifying over 700,000 infected computers globally, including more than 200,000 in the United States.
To thwart the botnet’s operation, the FBI rerouted Qakbot’s traffic to servers under its control. These servers instructed infected computers to download an uninstaller file specifically designed to remove the Qakbot malware. This action effectively disconnected infected computers from the botnet and prevented the installation of additional malware.
Acknowledging Collaborative Efforts
Director Wray acknowledged the dedicated work of the FBI’s Los Angeles office, the Cyber Division at FBI Headquarters, and international partners involved in this operation. He emphasized that the cyber threat facing the nation is constantly evolving in complexity, but the success of this operation underscores the power of the FBI’s network and capabilities.
The dismantling of the Qakbot malware and botnet represents a significant milestone in combating cybercrime on an international scale, sending a clear message that coordinated efforts can disrupt even the most sophisticated cybercriminal operations.
Source: FBI Website