International Law Enforcement Operation Successfully Takes Down "Qakbot" Malware Platform
Illustration of the spread of Qakbot. (photo: doc. Pexels)

JAKARTA - United States authorities on Tuesday, August 29, announced that an international law enforcement operation had successfully taken down the notorious "Qakbot" malware platform. This platform is widely used by cybercriminals in various financial crimes.

Qakbot, which was first spotted more than a decade ago, is generally spread via malicious emails sent to unsuspecting victims.

The US Department of Justice said the operation, dubbed Operation Duck Hunt, involved the Federal Bureau of Investigation (FBI) as well as countries such as France, Germany, the Netherlands, the United Kingdom, Romania and Latvia.

US Attorney Martin Estrada said the move against Qakbot was the most significant technological and financial operation the department had ever conducted against a botnet. The term botnet is used to refer to a connected network of infected computers used by hackers to spread viruses.

"Together, we managed to roll down Qakbot and save many victims from future attacks," he told a news conference, quoted by Reuters.

Security researchers say they believe Qakbot originated in Russia and has attacked organizations around the world, from Germany to Argentina.

Estrada disclosed that the Qakbot malware has infected more than 700,000 victim computers, facilitated the spread of ransomware, and caused hundreds of millions of dollars in losses to businesses, healthcare providers, and government agencies.

As part of this operation, law enforcement agencies seized 52 servers in the United States and abroad.

Investigators found evidence that between October 2021 and April 2023, Qakbot administrators received an estimated $58 million in ransoms paid by victims.

To cripple this cybercrime network, the FBI redirected Qakbot's internet traffic to servers controlled by the bureau, effectively removing the malware from victims' computers.

In this process, the FBI removed malicious files from private systems without viewing or collecting personal information.

In a statement, FBI Director Christopher Wray said the victims ranged from financial institutions on the East Coast, government contractors of critical infrastructure in the Midwest, to medical device manufacturers on the West Coast.

"The FBI managed to neutralize the pervasive supply chain of this crime, by cutting it at the root," Wray said.

