Qakbot Malware network which has been used for more than 15 years to carry out a variety of online crimes, including catastrophic ransomware assaults, was just penetrated and taken under control by the FBI and its European partners.
Table of Contents
Latest on Qakbot Malware Network
Martin Estrada, the U.S. attorney in Los Angeles, said Tuesday that almost every area of the economy has been harmed by Qakbot. He claimed that over the course of 18 months, the criminal network had enabled roughly 40 ransomware operations that, according to the investigators, fetched Qakbot administrators about $58 million.
According to Estrada, Qakbot’s victims comprised an engineering firm in Illinois, financial services companies in Alabama and Kansas, a Maryland defense manufacturer, and a Southern California food distribution business.
Also, no arrests were reported, but authorities claimed to have frozen or confiscated $8.6 million in cryptocurrency.
Estrada said the inquiry is still going on. He refused to provide the location of the malware’s administrators, who controlled a botnet of infected zombie computers by marshaling infected workstations into it. According to Cybersecurity researchers, these administrators may be located in Russia or in the former Soviet states of Russia.
Officials determined that since its initial appearance in 2008 as a bank trojan that stole information, the so-called malware loader, a digital Swiss army knife for cybercriminals that is also known as Pinkslipbot and Qbot, has been used to wreak hundreds of millions of dollars in damage. According to them, millions of people in almost every country in the world have been impacted.
What is Qakbot
One of the top malware variants of 2021, Qakbot (also known as Qbot or Pinkslipbot) is a customizable second-stage malware with hidden capabilities that was originally designed as a credential stealer.
Qakbot usually spreads via phishing email viruses and first provides malicious hackers with access to infected machines. From there, they might launch additional payloads like ransomware, steal confidential data, or compile victim information to aid in financial fraud and other crimes like tech support and romantic fraud.
Donald Alway, assistant director in charge of the FBI’s Los Angeles office, called the Qakbot network one of the most affecting hacker tools in history and claimed it was actually fueling the worldwide supply chain for unlawful activity. According to some cybersecurity companies, Qakbot, the most often discovered malware in the first half of 2023, affected one in ten corporate networks and was responsible for nearly 30% of attacks worldwide.
What do the Qakbot networks do
Such initial access tools enable extortionist groups that distribute ransomware to skip the first step of infiltrating computer networks, making them important enablers for the remote, primarily Russian-speaking criminals who have wreaked chaos by stealing data and disrupting schools, hospitals, local governments, and businesses globally.
Operation Duck Hunt
During the operation Duck Hunt, the FBI acquired access to QakBot’s administrative computers enabling law enforcement to map out the server network that was used to run the botnet.
Following the seizure of 52 servers under the operation Duck Hunt, which it claimed would permanently break down the botnet, QakBot’s traffic was diverted to Bureau-controlled servers, besides instructing users to download an uninstaller.
The FBI’s dismantling of the successful Hive ransomware gang in January was its biggest triumph over cyberspace criminals when it previously hacked the hackers.
According to Alex Holden, the proprietor of Milwaukee-based Hold Security, Qakbot had the most botnet victims overall, and he considered it a strong takedown. However, he also claimed that given its exponential increase over the previous few years, it might have been a victim of its own success. According to him, large botnets today frequently collapse as there are too many threat actors that are mining this data for different sorts of abuse.
Though the FBI had given a significant blow to the operations of the cyber criminals through its operation Duck Hunt, the battle against the malicious entities continues and it requires more cooperation and coordination amongst various government bodies, institutions, and the industry.