A global operation led by the FBI has dismantled one of the most notorious cybercrime tools used by criminals to infect computers, launch ransomware attacks and steal sensitive data.
The FBI and its international partners disrupted the Qakbot infrastructure and seized nearly $9 million in cryptocurrency in illicit profits during the Friday operation, officials announced on Tuesday.
Qakbot, a sophisticated botnet and malware that infected more than 700,000 computers around the world, wreaked havoc for nearly 15 years.
The malicious software, also known as Qbot, enabled hackers to launch ransomware attacks and extort millions of dollars from victims.
The botnet first emerged in 2008 as a tool to steal banking credentials but evolved over time to become a powerful weapon for cybercriminals.
Martin Estrada, the U.S. attorney for the Central District of California, and Don Alway, the FBI assistant director in charge of the Los Angeles field office, announced the operation at a news conference in Los Angeles.
Estrada called the operation “the largest U.S.-led financial and technical disruption of a botnet infrastructure.”
“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” he said.
Law enforcement agencies from France, Germany, the Netherlands, the United Kingdom, Romania and Latvia took part in the operation, code-named Duck Hunt.
Law enforcement officials described Qakbot as a “backbone malware” that supported a vast cybercrime ecosystem. It was advertised and sold on underground cybercrime forums, some of which have been taken down by the FBI.
Hackers used the botnet and other malware to launch ransomware attacks on U.S. critical sectors such as hospitals, schools, police departments and local governments. The attacks disrupted services and cost millions of dollars.
“Stopping cybercrime is a matter of national security,” Estrada said
Qakbot’s reach was global.
“We assess that there are millions of victims,” a senior FBI official said during a background call with reporters. “Virtually every country in the world has a victim there.”
To disrupt Qakbot, the FBI seized the botnet’s command and control servers and rerouted its traffic to servers controlled by the FBI. Users of infected computers were in turn asked to download a file created by law enforcement that would uninstall Qakbot malware.
The operation was part of a new broader “proactive” strategy by U.S. law enforcement to disrupt cybercriminals and the networks that support them, the FBI official said.
“This is part of our overarching strategy to put consistent pressure on the adversary,” the official said.
Officials declined to say if any arrests have been made in connection with Qakbot, saying the investigation into the malware is ongoing.
Meanwhile, the U.S. State Department’s Rewards for Justice program announced a new reward of up to $10 million for information on anyone who, under a foreign government’s direction, targets U.S. critical infrastructure with cyberattacks.
Cyber security firm Check Point Research said Qakbot was operated by Eastern European cybercriminals.
The bot was the "most prevalent malware" in the world, affecting 11% of corporate computer networks in the world, Check Point Research said.
In a statement, Sergey Shykevich, threat intelligence manager at the company, lauded the FBI operation but said it "remains to be seen whether it was a full takedown or whether the operators will be back."
Cybercrime is expected to cost the world $8 trillion in 2023, according to Cybersecurity Ventures, which researches the global cyber economy.
