FBI-Led Global Effort Takes Down Massive Qakbot Botnet
2023-08-30 23:18

After more than 15 years in the wild, the Qakbot botnet, a zombie network of over 700,000 computers worldwide, is hanging on the FBI's trophy wall for now.

A multinational action called Operation "Duck Hunt" - led by the FBI, the Department of Justice, the National Cybersecurity Alliance, Europol, and crime officials in France, Germany, the Netherlands, Romania, Latvia and the U.K. - gained access to the Qakbot network and shut down the malicious botnet, which has affected 700,000 computers worldwide.

The FBI said that, as part of the operation, it gained access to Qakbot's infrastructure and identified hundreds of thousands of infected computers worldwide, including more than 200,000 in the U.S. As part of the action, the Bureau redirected Qakbot traffic to its own servers, which instructed infected computers to download an uninstaller file.

Richard Suls, security and risk management consultant at cybersecurity firm WithSecure, said the FBI's approach, which was to take over Qakbot control servers and use software created by law enforcement to wipe Qakbot from the infected computers, was novel.

The Qakbot botnet is operated by a cybercrime group that Symantec calls Batbug, which the software company said controls a lucrative malware distribution network linked to a number of major ransomware groups.

The Symantec researchers noted a surge in Qakbot activity from the beginning of 2023 through June, a period during which the botnet began using attachments on Microsoft OneNote to drop Qakbot on infected machines.


News URL

https://www.techrepublic.com/article/fbi-led-takes-down-qakbot/