fbpx

FBI helps seize control of million-dollar global malware network Qakbot – ABC News

FBI helps seize control of million-dollar global malware network Qakbot - ABC News
Man in suit stands in front of US flag

The FBI and European partners have infiltrated and seized control of a major global malware network that had crippled businesses and technology users for more than 15 years.  

Key points:

The malicious software agent, better known as Qakbot, had facilitated about 40 ransomware attacks over 18 months alone and reportedly netted administrators about $US58 million ($89.7 million). 

But Qakbot has been removed from thousands of infected computers following a successful operation, US officials said on Tuesday local time. 

“Nearly ever sector of the economy has been victimised by Qakbot,” US attorney Martin Estrada said. 

Officials said $US8.6 million ($13.3 million) in cyber currency was seized or frozen but no arrests were announced.

The FBI’s Don Alway says Qakbot was “feeding the global cybercrime supply chain”.(AP: Sarah Reingewirtz/The Orange County Register )

Officials estimated the so-called malware loader,  also known as Pinkslipbot and Qbot, caused hundreds of millions of dollars in damage since first appearing in 2008 as an information-stealing bank Trojan.

They said millions of people in nearly every country in the world had been affected.

The Qakbot network was “literally feeding the global cybercrime supply chain”, Los Angeles’s FBI assistant director in charge Donald Alway said. 

He labelled it “one of the most devastating cybercriminal tools in history”. 

Using phishing email infections, Qakbot gave criminal hackers initial access to violated computers.

They could then deploy ransomware, steal sensitive information or gather intelligence on victims to facilitate financial fraud or romance scams.

Mr Estrada would not say where administrators of the malware were located.

Cybersecurity researchers said they believed hackers could be in Russia or other former Soviet states.

Qakbot gave cybercriminals initial access to networks. (ABC News: Maren Preuss)

In an operation dubbed “Duck Hunt”, the FBI along with Europol and law enforcement partners in France, the United Kingdom, Germany, the Netherlands, Romania and Latvia seized more than 50 Qakbot servers and identified more than 700,000 infected computers beginning last Friday. 

Cybersecurity experts were impressed the network was dismantled quickly,  but Sophos cybersecurity expert Chester Wisniewski said it could be temporary. 

“This will cause a lot of disruption to some gangs in the short term, but it will do nothing from it being rebooted,” he said.

“Albeit it takes a long time to recruit 700,000 PCs.”

This content was originally published here.

Scroll to Top