In a major international operation, the FBI and the Justice Department unveiled their successful dismantling of the Qakbot malware and botnet on August 29. This operation, spanning multiple countries including the U.S., France, Germany, and the UK, stands as one of the largest U.S.-led efforts to disrupt a botnet infrastructure responsible for cybercrimes like ransomware attacks and financial fraud.
FBI Director Christopher Wray emphasized that the operation effectively halted a significant criminal supply chain, impacting diverse victims ranging from financial institutions to crucial government contractors and medical device manufacturers across the nation.
Qakbot malware infiltrated victim computers primarily through malicious attachments or links in spam emails. Once a victim downloaded the attachment or clicked the link, the malware introduced additional harmful software, including ransomware, while covertly integrating the compromised computer into a botnet. This botnet allowed remote control by cybercriminals, with victims often unaware of the infection. Since its inception in 2008, Qakbot malware has caused substantial financial losses for both individuals and businesses worldwide.
The FBI’s successful disruption of the Qakbot botnet was achieved by gaining lawful access to its infrastructure and identifying over 700,000 infected computers globally, including more than 200,000 in the U.S. To counter the botnet’s operation, the FBI redirected Qakbot traffic to its own servers, prompting infected computers to download an uninstaller that removed the malware.
This coordinated effort between FBI Los Angeles, the Cyber Division at FBI Headquarters, and international partners showcased the strength of their capabilities in countering the evolving cyber threat landscape, as highlighted by Wray.