Multinational Operation Disrupts QakBot Botnet

What Happened?


On August 29, 2023, the U.S. Department of Justice announced that a multinational operation successfully disrupted the QakBot botnet, which infected over 700,000 computers worldwide. The takedown involved actions in the United States, Ukraine, Germany, the Netherlands, the United Kingdom, Romania, and Latvia, and resulted in the seizure of more than $8.6 million in cryptocurrency profits from the QakBot cybercriminal organization.


The FBI gained access to QakBot infrastructure, identified and redirected botnet traffic through its servers, and instructed infected computers to download an uninstaller. This action prevented QakBot from installing further malware. Law enforcement primarily focused on removing the QakBot malware from victim computers without affecting owner data. 


The operation was conducted in close cooperation with Eurojust, a department of the European Union that investigates crimes within member states, and involved significant assistance from various cybercrime and law enforcement agencies across several countries.

What Is QakBot and Why Is This Important?


QakBot (also known as QBot) is a highly popular banking trojan that has existed since at least 2007. The trojan has continuously evolved since its inception and has been frequently upgraded with new capabilities.  


Here’s how it works: QakBot allows cybercriminals to gain initial access to targeted networks and delivers other remote-access payloads, which attackers can then use to steal sensitive data, move laterally, or remotely execute code.  


QakBot was primarily spread through spam emails and was used to deliver additional malware, including ransomware. Notable ransomware groups like Ryuk, ProLock, Egregor, REvil, MegaCortex, and Black Basta have used QakBot as an initial means of infection, causing significant damage to businesses, healthcare providers, and government agencies.


As of August 2023, QakBot had been predominantly linked t ..
