FBI Dismantles QakBot Malware, Frees 700,000 Computers, Seizes $8.6 Million
2023-08-30 04:05

A coordinated law enforcement effort codenamed Operation Duck Hunt has felled QakBot, a notorious Windows malware family that's estimated to have compromised over 700,000 computers globally and facilitated financial fraud as well as ransomware.

QakBot administrators are said to have received fees corresponding to approximately $58 million in ransoms paid by victims between October 2021 and April 2023.

"The victim computers infected with QakBot malware are part of a botnet, meaning the perpetrators can remotely control all the infected computers in a coordinated manner," the DoJ said.

The joint effort, according to court documents, enabled access to QakBot infrastructure, thereby making it possible to redirect the botnet traffic to and through servers controlled by the U.S. Federal Bureau of Investigation with the ultimate goal of neutralizing the "far-reaching criminal supply chain."

QakBot, like Emotet and IcedID, employs a three-tiered system of servers to control and communicate with the malware installed on infected computers.

QakBot has also been one of the most active malware families in the second quarter of 2023, per HP Wolf Security, leveraging as many as 18 unique attack chains and clocking 56 campaigns over the time period, underscoring the e-crime group's penchant for "quickly permuting their tradecraft to exploit gaps in network defenses."


News URL

https://thehackernews.com/2023/08/fbi-dismantles-qakbot-malware-frees.html