Huge Blow to Global Cybercrime After FBI and European Partners Seize Major Malware Network


The FBI and its European partners seized control of a major global malware network that had been used for more than 15 years to commit a range of online crimes, and then remotely removed the malicious software agent, called Qakbot, from thousands of infected computers.

The US attorney in Los Angeles, Martin Estrada, said on Tuesday that “nearly every sector of the economy has been victimized by Qakbot,” and that the criminal network had facilitated about 40 ransomware attacks alone over 18 months, which investigators said earned Qakbot administrators about $58 million.

According to CTV News, with infections usually delivered via phishing emails, Qakbot gave malicious actors access to compromised computers, where they could then deploy additional payloads, steal sensitive information, or gather intelligence on victims to facilitate financial fraud and crimes such as tech support and romance scams. The “initial access” Qakbot provides essentially lets ransomware gangs skip the first step of breaking into a computer network.

Donald Alway, assistant director in charge of the FBI’s Los Angeles office, said that the Qakbot network was “literally feeding the global cybercrime supply chain,” and called it “one of the most devastating cybercriminal tools in history.” In 2023 alone, Qakbot impacted one in 10 corporate networks and accounted for about 30 percent of attacks globally.

The operation (dubbed “Duck Hunt”) began on Friday, when the FBI, together with Europol and law enforcement and justice partners in France, the UK, Germany, the Netherlands, Romania, and Latvia, seized more than 50 Qakbot servers and identified more than 700,000 infected computers, effectively cutting the criminals off from their quarry.

The FBI then used the seized infrastructure to remotely send updates that deleted the malware from thousands of infected computers.

Cybersecurity expert Chester Wisniewski of Sophos warned that while there would probably be a drop in ransomware attacks, the criminals will surely either revive the infrastructure elsewhere or move to other botnets, saying: “This will cause a lot of disruption to some gangs in the short term, but it will do nothing from it being rebooted… Albeit it takes a long time to recruit 700,000 PCs.”