Operation Duck Hunt: The FBI and law enforcement authorities from France, Germany, Latvia, the Netherlands, Romania, and the United Kingdom shut down the Qakbot botnet, also known as Qbot or Pinkslipbot. They also seized close to $9 million in crypto from the botnet's operators. The botnet served as infrastructure that cybercriminals used for ransomware, financial fraud and other criminal activities. No arrests took place.
According to the FBI statement, the law enforcement agencies gained access to the Qakbot infrastructure and identified more than 700,000 infected computers. To take down the botnet, the FBI's IT specialists redirected Qakbot traffic to their servers and then told the bots to uninstall themselves.
The Qakbot malware infected computers mostly with the help of spam emails. For the infection to take place, the recipient had to open the malicious attachment or click a link. Then, Qakbot loaded more malware, including ransomware, onto the computer.
Most prolific ransomware groups, including Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta, have used Qakbot to gain initial access to their victims' networks.
The FBI states that unknown persons have been using Qakbot in ransomware attacks and other criminal actions since 2008. This caused hundreds of millions of dollars in damage to individuals and businesses in the U.S. and around the world. The investigators established that between October 2021 and April 2023, Qakbot administrators received fees believed to have originated from approximately $58 million in ransom payments.
The DOJ said it also recovered more than 6.5 million stolen passwords and other credentials, and that it has shared this information with two websites that let users check whether their credentials were exposed: Have I Been Pwned and the Check Your Hack website operated by the Dutch National Police.
QUACK