30 August 2023

International police operation dismantles notorious Qakbot botnet

The US authorities and partners have dismantled the notorious Qakbot botnet that infected more than 700,000 computers globally and was linked to multiple attacks involving ransomware, financial fraud and other cybercriminal activity. The Qakbot operation is estimated to have caused nearly $60 million in losses from victims around the world.

The Qakbot (aka QBot, QuackBot, and Pinkslipbot) malware infected victim machines primarily via spam emails carrying malicious attachments or links. Initially designed as a banking trojan, Qakbot gained new capabilities over time. In addition to providing initial access to targeted networks, Qakbot delivers other remote-access payloads, steals sensitive data, and facilitates lateral movement and remote code execution.

Qakbot has been used by many prolific ransomware groups in recent years, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta. According to recent research, Qakbot was the most popular malware loader during the first seven months of 2023.

Dubbed “Operation Duck Hunt,” the police action involved law enforcement agencies from France, Germany, the Netherlands, Romania, Latvia and the United Kingdom.

As part of the operation, Qakbot's infrastructure was dismantled and more than $8.6 million in illicit cryptocurrency profits was seized. The FBI also identified over 700,000 machines infected with Qakbot across the globe.

To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed the infected computers to download an uninstaller file designed to remove the Qakbot malware. This file severed compromised machines from the botnet and prevented the installation of any additional malware.
