The FBI and the US Justice Department announced a multinational operation to “disrupt and dismantle” Qakbot, a malware and botnet used by cybercriminals far and wide. The Feds have taken down the botnet in an operation called “Duck Hunt”.
In addition to the US, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom also participated in the operation. As part of the operation, the FBI obtained lawful access to Qakbot’s infrastructure and identified over 700,000 infected computers worldwide, including more than 200,000 in the US.
The FBI added that Qakbot made its way into computers through deceptive emails, often with harmful attachments or links. When a user opens these attachments or clicks the links, the computer becomes part of a remote-controlled network of infected devices, known as a botnet.
FBI Director Christopher Wray said:
“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees. The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”
To take down the botnet, the FBI rerouted Qakbot’s traffic to servers under its control. These servers then directed infected computers to download a specific file designed to remove the Qakbot malware. This action essentially disconnected the infected computers from the botnet and blocked any attempts to install further malicious software.
“All of this was made possible by the dedicated work of FBI Los Angeles, our Cyber Division at FBI Headquarters, and our partners, both here at home and overseas. The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful.”
The US security organization reports that this malware has been instrumental in ransomware attacks and various cyber crimes. These activities have resulted in massive financial losses, tallying hundreds of millions of dollars, affecting both individuals and businesses in the US and worldwide.