FBI successfully disables malware infecting 700,000 computers, seizes stolen crypto assets
Under the Banner of 'Operation Duck Hunt', Qakbot malware neutralised, foiling remote control and averting subsequent attacks.

Highlights
- FBI-led "Operation Duck Hunt" took down the vast Qakbot botnet, which had infected 700,000 devices globally, preventing future attacks
- Operation yields $8.6 million in seized cryptocurrency, dealing a significant financial blow to cybercriminals behind Qakbot
- Qakbot's capacity to control computers remotely for ransomware and other attacks neutralised, safeguarding systems worldwide
In a landmark achievement, the Federal Bureau of Investigation (FBI) has successfully dismantled an extensive network of computers infected with Qakbot, an infamous strain of malware that ensnared over 700,000 devices worldwide.
Spearheaded by the FBI and supported by an array of international partners, the operation marks a significant stride in the ongoing battle against cyber threats.
Qakbot: A pervasive menace expelled
Qakbot, a pernicious malware, had gained notoriety for infiltrating computers through deceitful spam emails harbouring malicious attachments or links. Once victims fell prey to these lures and activated the malware, their devices became unwitting participants in a botnet, a network of compromised computers manipulated by cybercriminals.
This sinister control enabled hackers to introduce further malevolent software, such as ransomware, wreaking havoc on a global scale. The ingenious countermeasure employed by the collaborative effort involved rerouting Qakbot's botnet traffic through FBI-operated servers.
These servers then transmitted instructions to infected computers across the United States and beyond, initiating a process that uninstalled the Qakbot malware and severed the connection between compromised devices and the botnet.
A crucial nuance of this operation was that it focused solely on removing Qakbot infections; it did not address other malware already present on victims' systems.
Heralding a cohesive global endeavour
Code-named ‘Operation Duck Hunt,’ this triumphant endeavour saw the convergence of law enforcement agencies and cybersecurity experts from various nations, including Europe, France, Germany, the Netherlands, the UK, Romania, and Latvia.
The far-reaching impact of the Qakbot botnet, which was responsible for losses amounting to hundreds of millions of dollars and had infected over 200,000 computers in the US alone, necessitated this united front.
Seized cryptocurrency funds: Depriving cybercriminals of their spoils
In a pivotal twist, the operation also dealt a significant financial blow to the cybercriminals behind the Qakbot malware. The collaboration resulted in the seizure of approximately $8.6 million worth of extorted cryptocurrency funds—a testament to the meticulous planning and execution of this endeavour.
By disrupting the illicit financial infrastructure supporting these nefarious activities, law enforcement agencies demonstrated their capacity to hit cybercriminals where it hurts most—their profits.
In a resounding declaration, US Attorney Martin Estrada emphasised the significance of this collaborative success. "Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out." Moreover, the operation's impact ripples further, with the FBI sharing compromised credentials discovered during the campaign with services like ‘Have I Been Pwned.’
The Dutch National Police have also taken steps to aid potential victims by adding compromised credentials to their ‘Check Your Hack’ resource. This milestone cooperative triumph stands as a testament to the potency of international unity in safeguarding the digital realm against the perils of sophisticated cyber threats.