FBI Dismantles Alarming Qakbot Botnet That Infected 700K PCs With Malware
Qakbot malware has been floating around the internet since roughly 2007, being operated by financially motivated threat actors who have maintained and updated the software, according to MITRE. Generally, this family of malware infects victims through malicious emails with links or attachments that would deliver Qakbot. Once this initial infection was completed, the malware would pull down ransomware or other malicious software and then join the victim device to the Qakbot botnet.
On August 29th, the FBI and Justice Department announced the operation, which took place in France, Germany, the Netherlands, Romania, Latvia, the United Kingdom, and of course, the United States. With this, it is reported that there were over 700,000 infected devices around the world, with over 200,000 in the United States alone. However, the FBI “redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file.”
FBI Director Christopher Wray stated that “the FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” and that victims “from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast” are now free of this malware. You can see what else the Director had to say on the matter in the video above.
At the end of the day, this is one more notch for the FBI in the effort to control the ever-expanding cybersecurity threat that the United States and its allies routinely face. As Director Wray mentioned, the threat is also “growing more dangerous and complex every day,” so everything that can be done to counter it is quite the win.
(Hero Source: https://youtu.be/VUhzK2cY_PY?si=7GOfD7oX6lpdxlyI)
