Major Global Malware Network Seized by FBI and European Partners
LOS ANGELES—In a groundbreaking operation, U.S. officials announced on Tuesday that the FBI, in collaboration with its European counterparts, successfully infiltrated and took control of a major global malware network. This network had been operating for over 15 years, orchestrating a wide range of online crimes, including devastating ransomware attacks.
Utilizing their expertise, the cybersecurity experts remotely eliminated the malicious software agent, known as Qakbot, from thousands of infected computers. This impressive dismantling of the network is a significant achievement, although experts caution that the impact on cybercrime may only be temporary.
Related Stories
“Nearly every sector of the economy has fallen victim to Qakbot,” stated Martin Estrada, the U.S. attorney in Los Angeles, during the announcement of the takedown. He revealed that the criminal network had orchestrated approximately 40 ransomware attacks in just 18 months, resulting in Qakbot administrators pocketing around $58 million.
Among the victims of Qakbot’s ransomware attacks were an engineering firm based in Illinois, financial services organizations in Alabama and Kansas, a defense manufacturer in Maryland, and a food distribution company in Southern California, according to Estrada.
While $8.6 million in cybercurrency was seized or frozen, no arrests have been made at this time. The investigation is ongoing, and Estrada declined to disclose the location of the malware administrators, who are believed to be in Russia or other former Soviet states, according to cybersecurity researchers.
Officials estimate that the malware loader, also known as Pinkslipbot and Qbot, has caused hundreds of millions of dollars in damages since its initial appearance in 2008 as an information-stealing bank trojan. This digital Swiss knife for cybercrooks has affected millions of people in nearly every country worldwide.
Qakbot is typically delivered through phishing email infections, granting criminal hackers initial access to compromised computers. From there, they can deploy additional payloads, such as ransomware, steal sensitive information, or gather intelligence for financial fraud and other crimes, including tech support and romance scams.
Donald Alway, assistant director in charge of the FBI’s Los Angeles office, described the Qakbot network as “literally feeding the global cybercrime supply chain.” He labeled it as “one of the most devastating cybercriminal tools in history.” In fact, Qakbot was the most commonly detected malware in the first half of 2023, impacting one in 10 corporate networks and accounting for approximately 30 percent of global attacks, according to cybersecurity firms. These “initial access” tools enable ransomware gangs to bypass the initial step of breaching computer networks, making them crucial facilitators for the widespread, primarily Russian-speaking criminals responsible for data theft and disruptions to schools, hospitals, local governments, and businesses worldwide.
In an operation dubbed “Duck Hunt,” the FBI, Europol, and law enforcement and justice partners from France, the United Kingdom, Germany, the Netherlands, Romania, and Latvia initiated their actions on Friday. They seized over 50 Qakbot servers and identified more than 700,000 infected computers, with over 200,000 of them located in the United States. This effectively severed the criminals’ access to their targets.
Using the seized Qakbot infrastructure, the FBI then remotely dispatched updates to…
" Conservative News Daily does not always share or support the views and opinions expressed here; they are just those of the writer."
