U.S. authorities seize millions from infamous hacking network.
Law Enforcement Operation Dismantles Notorious Qakbot Malware Platform
In a major multinational effort, U.S. authorities have successfully taken down the infamous “Qakbot” botnet malware platform. This platform, controlled by cybercriminals, has been responsible for carrying out criminal financial activities on a massive scale.
The U.S. Department of Justice revealed that Qakbot malware has infected over 700,000 victim computers, causing extensive damage to businesses, healthcare providers, and government agencies worldwide. Ransomware deployments and financial losses in the hundreds of millions of dollars have been attributed to this malicious software.
The operation, known as “Operation Duck Hunt,” involved law enforcement agencies from the U.S., France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom. It marks one of the largest disruptions of a botnet infrastructure used by cybercriminals for ransomware attacks, financial fraud, and other cyber-enabled criminal activities.
FBI Director Christopher Wray stated, “The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees. The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”
The FBI successfully dismantled the botnet by gaining lawful access to its infrastructure and redirecting the botnet's traffic to its own servers. From there, infected computers were instructed to download an uninstaller file created by law enforcement. This action untethered the victims from the botnet and prevented further malware infections from Qakbot.
During the operation, authorities recovered more than 6.5 million victims’ email addresses and password credentials, with millions more still being identified. Additionally, 52 servers were seized, effectively dismantling the Qakbot system.
Qakbot malware, also known as “Qbot” and “Pinkslipbot,” has been active since 2008. It primarily infects victim computers through spam emails containing malicious hyperlinks. Once a user interacts with the email’s content, the platform delivers malware or ransomware and incorporates the victim’s computer into the Qakbot-controlled botnet without the user’s knowledge.
Security researchers believe that the hacking network behind Qakbot originated in Russia.
In the United States, Qakbot malware infected more than 200,000 computers belonging to critical infrastructure industries. These included a power engineering firm in Illinois, financial services organizations in Alabama, Kansas, and Maryland, a defense manufacturer in Maryland, and a food distribution company in Southern California.
Between October 2021 and April 2023, the administrators of the Qakbot platform received approximately $58 million in ransoms from victims. The attacks also resulted in millions of dollars in losses for individuals and businesses worldwide.
Authorities have also seized over $8.6 million in cryptocurrency, representing illicit profits from Qakbot activities. They are currently working to remove the malicious code from victims’ computers.
U.S. Attorney Martin Estrada emphasized the significance of this operation, stating, “Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out. This operation also has led to the seizure of almost 9 million dollars in cryptocurrency from the Qakbot cybercriminal organization, which will now be made available to victims. My Office’s focus is on protecting and vindicating the rights of victims, and this multifaceted attack on computer-enabled crime demonstrates our commitment to safeguarding our nation from harm.”
The U.S. State Department’s Rewards for Justice program is offering a reward of up to $10 million for information leading to the identification of the Qakbot operator.