Monday, January 13, 2025
Homecyber securityDismantling Qakbot Botnet - FBI's Largest Cyber Operation Ever

Dismantling Qakbot Botnet – FBI’s Largest Cyber Operation Ever

Published on

Qakbot (aka QBot, Pinkslipbot) is a sophisticated banking Trojan malware that can spread through various methods. Once installed on a system, Qakbot can collect:-

  • Login credentials.
  • Intercept online banking transactions.
  • Gain remote control over the infected computer.

The FBI, along with the Justice Department, led a multinational operation to dismantle the complete infrastructure of the Qakbot malware and botnet on August 29.

In this joint operation, ransomware and cybercriminal activities were actively targeted across seven countries that we have mentioned below:-

  • The U.S.
  • France
  • Germany
  • The Netherlands
  • Romania
  • Latvia
  • The United Kingdom

Besides this, the director of the FBI, Christopher Wray, stated:-

“This botnet was actually one of the longest-lasting ones we’ve seen, and its reach spanned across the entire world. Previously, threat actors utilized this botnet to launch ransomware attacks and steal personal data.”

Prominent ransomware groups, including Conti and ProLock, utilized this botnet, resulting in significant losses for businesses. In addition, the operation led to the seizure of millions in cryptocurrency.

Previously, the ransomware actors leveraged this botnet for a 4.9 million dollar ransom from a publishing company. Threat actors have furthermore exploited it to steal terabytes of medical data from a healthcare provider.

Dismantling Qakbot Botnet

The FBI Director Christopher Wray confirmed the neutralization of an expansive criminal chain, affecting the following sectors across the US:-

  • Financial institutions
  • Infrastructure,
  • Medical device maker
  • Government contractors

Qakbot malware was born in 2008, and since then, in the U.S. and globally, it has caused hundreds of millions of dollars in losses through ransomware and cybercrime.

In the operation, the FBI legally accessed Qakbot’s infrastructure and discovered:-

  • 700,000 global infected devices
  • 200,000 in the U.S. (Among the 700,000 global infected devices)

In an effort to stop the botnet from spreading by distributing an uninstaller that would liberate infected devices from the virus and stop new malware from being installed, the FBI diverted the Qakbot traffic to control servers.

Keep informed about the latest Cyber Security News by following us on Google NewsLinkedinTwitter, and Facebook.

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

RedCurl APT Deploys Malware via Windows Scheduled Tasks Exploitation

Researchers identified RedCurl APT group activity in Canada in late 2024, where the attackers...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...