FBI and Europe Unite to Crush 15-Year Cybercrime Reign


In a significant blow to global cybercrime, U.S. officials announced on Tuesday that the FBI, along with its European partners, successfully infiltrated and seized control of a vast malware network that has been operational for over 15 years. Known as Qakbot, the malicious software agent has been implicated in a range of online crimes, from crippling ransomware attacks to the facilitation of financial fraud and various scams. The criminal network, according to Martin Estrada, the U.S. attorney in Los Angeles, was responsible for approximately 40 ransomware attacks over a period of 18 months, generating about $58 million for Qakbot administrators.

The operation, codenamed "Duck Hunt," saw law enforcement agencies from the U.S., France, the U.K., Germany, the Netherlands, Romania, and Latvia seize over 50 Qakbot servers and identify more than 700,000 infected computers. The FBI then utilized the hijacked Qakbot infrastructure to remotely remove the malware from thousands of these compromised systems, marking a major victory in the ongoing battle against cybercrime. However, cybersecurity experts have warned that this achievement, while impressive, is likely to only result in a temporary setback for cybercriminals.


Major Malware Network Dismantled by FBI and European Partners

In a significant blow to cybercrime, the FBI, in collaboration with European partners, infiltrated and dismantled a major global malware network that had been used for over 15 years to perpetrate a wide range of online crimes, including damaging ransomware attacks. The malicious software agent, known as Qakbot, was remotely removed from thousands of infected computers.

A Staggering Impact

Qakbot had victimized nearly every sector of the economy, Martin Estrada, the U.S. attorney in Los Angeles, announced. The criminal network had abetted about 40 ransomware attacks over 18 months, netting Qakbot administrators approximately $58 million. Victims of Qakbot’s ransomware included an Illinois-based engineering firm, financial services organizations in Alabama and Kansas, a Maryland defense manufacturer, and a Southern California food distribution company. Officials disclosed that $8.6 million in cybercurrency was seized or frozen.

The Deft Dismantling

Cybersecurity experts have praised the skilful dismantling of the network. However, they caution that the setback to cybercrime will likely be temporary. The investigation is ongoing and no arrests have been made yet. Officials estimate that the malware loader, also known as Pinkslipbot and Qbot, has caused hundreds of millions of dollars in damage since it first appeared in 2008. It has affected millions of people in almost every country.

The Role of Qakbot

Qakbot was typically delivered via phishing emails and gave hackers initial access to compromised computers. It was used to deploy additional payloads including ransomware, steal sensitive information, and gather intelligence on victims to facilitate financial fraud and other crimes. The Qakbot network was literally feeding the global cybercrime supply chain, said Donald Alway, assistant director in charge of the FBI’s Los Angeles office. It was the most commonly detected malware in the first half of 2023, affecting one in 10 corporate networks and accounting for about 30% of attacks globally.

Operation Duck Hunt

In an operation named "Duck Hunt" that started on Friday, the FBI along with Europol and law enforcement and justice partners in France, the United Kingdom, Germany, the Netherlands, Romania and Latvia seized more than 50 Qakbot servers and identified over 700,000 infected computers. The FBI then used the seized Qakbot infrastructure to remotely dispatch updates that deleted the malware from thousands of infected computers.

Takeaways

The operation against Qakbot represents a significant victory in the fight against cybercrime. However, experts warn that this is likely to be a temporary respite, as criminals may either revive the infrastructure elsewhere or move to other botnets. The dismantling of Qakbot underscores the importance of international cooperation in tackling cybercrime. It also highlights the need for continuous vigilance and improved cybersecurity measures across all sectors. While we celebrate this win, the fight against cybercrime is far from over.

Crive - News that matters