FBI and European allies dismantle major malware network, striking blow to global cybercrime.

Major Global ‍Malware Network Seized by FBI and ‌European Partners

LOS ANGELES—In a groundbreaking operation, U.S. ‍officials ⁤announced on ‍Tuesday that the FBI, in collaboration with its European counterparts, successfully infiltrated and ​took ‍control ⁢of a major global malware network. This network had‍ been ⁤operating for over 15 years, ​orchestrating a wide range of ⁢online crimes, including ⁢devastating ransomware attacks.

Utilizing their expertise, the cybersecurity experts remotely​ eliminated ‌the malicious software agent, known as ⁤Qakbot, from thousands of infected computers. This impressive dismantling of ⁤the network is a significant achievement,​ although ⁤experts caution that ⁢the impact on cybercrime may only be⁤ temporary.

Related Stories

• IN-DEPTH: Americans ‘Becoming More Aware of the ⁢FBI’s ‍Malfeasance’: FBI Whistleblower
  
  8/30/2023
• FBI Dismantles Notorious Qakbot⁤ Hacking Network
  
  8/29/2023

“Nearly every sector of the economy has fallen ‌victim ‍to Qakbot,” stated Martin Estrada, the U.S. attorney in ⁤Los Angeles, during the announcement ⁢of the ​takedown.⁢ He revealed that the criminal network⁤ had orchestrated ‌approximately 40 ransomware attacks in just 18 months, resulting in Qakbot⁤ administrators pocketing ‍around $58 million.

Among the victims of Qakbot’s ransomware attacks were an engineering firm based in⁤ Illinois, financial services organizations​ in Alabama and Kansas, a defense manufacturer in Maryland, and a​ food distribution company in Southern ‌California, according to Estrada.

While $8.6 million in⁢ cybercurrency was seized or frozen, no⁢ arrests have⁤ been made at this time.⁣ The ⁢investigation is ‍ongoing, and Estrada declined⁢ to disclose the location of the malware administrators, who are ⁤believed to be in Russia or other former Soviet states, according to cybersecurity‍ researchers.

Officials estimate that the malware loader,​ also known⁤ as Pinkslipbot and Qbot,‌ has caused hundreds of millions of dollars in damages since its initial appearance in ‍2008 as an information-stealing bank trojan. This digital Swiss knife for cybercrooks⁤ has affected millions of people in nearly every country worldwide.

Qakbot is typically delivered through ‌phishing email infections, granting criminal hackers initial access to compromised computers. From there, they ⁢can deploy additional payloads, such as ransomware, ⁣steal sensitive⁢ information, or ⁣gather intelligence for financial fraud and other crimes, including tech support and ‍romance‌ scams.

Donald‍ Alway, assistant‌ director in charge ⁣of the FBI’s Los Angeles office, described ⁤the Qakbot network ⁤as “literally feeding the global cybercrime supply chain.” He labeled ‍it as “one of the most‍ devastating cybercriminal‍ tools in history.” In fact, Qakbot was the most commonly detected malware in the first half of ⁣2023, impacting one⁣ in 10 corporate networks and accounting for approximately 30 percent of global attacks, according to cybersecurity firms. These “initial access” tools enable ​ransomware gangs to bypass the initial⁤ step of breaching computer networks, making⁤ them crucial‌ facilitators⁢ for the widespread, primarily Russian-speaking criminals‍ responsible for data theft and disruptions to schools, hospitals, local governments, and businesses worldwide.

In an⁤ operation dubbed “Duck Hunt,” the FBI, Europol, and law ⁢enforcement and justice partners from France, the United Kingdom, Germany, the‍ Netherlands, Romania, and ⁣Latvia ⁣initiated‍ their actions on Friday. They seized over 50 Qakbot servers and identified more than‌ 700,000 infected‍ computers, with over 200,000 of them located in the United States. This effectively severed the criminals’ access to⁢ their targets.

Using the seized ⁣Qakbot infrastructure, the ⁢FBI then remotely dispatched​ updates to…

*As an Amazon Associate I earn from qualifying purchases