Cybercrime Takedown: US Touts Dismantling of Notorious 'Qakbot' Hacking Network

U.S. touts takedown of the Qakbot malware platform.

The United States announced the takedown of the Qakbot malware platform in coordination with several other international parties. (Rob Engelaar / ANP / AFP via Getty Images)

The United States on Tuesday claimed that an international law enforcement operation successfully took down the notorious "Qakbot" malware platform that was extensively used by cybercriminals in various financial crimes.

The hacking network was first discovered over a decade ago, and the malware is spread through malicious, booby-trapped emails sent to unsuspecting victims. In a statement, the United States Department of Justice said that the international operation, Duck Hunt, involved Britain, France, Germany, Latvia, Romania, and the Netherlands.

Massive Cybercrime Network Takedown

Additionally, U.S. Attorney Martin Estrada said the attack on Qakbot is considered the most significant technological and financial operation ever led by the department against a botnet. A botnet is an interconnected network of infected computers that hackers use to spread viruses.

During a news conference, Estrada added that the combined effort from the countries involved made it possible to take down Qakbot and ensure the safety of countless victims who could become targets of future attacks, as per Reuters.

Security researchers also believe that Qakbot originated from Russia and has been used to target various organizations globally, from Germany to Argentina. Estrada also said that the malware platform had already infected over 700,000 victim computers, facilitated ransomware deployments, and caused damage to businesses, healthcare providers, and government agencies worth hundreds of millions of dollars.

International agencies seized 52 servers in the United States and abroad as part of the operation. Investigators also found that between October 2021 and April 2021, the malware network's administrators received fees worth roughly $58 million from ransoms that victims paid.

The FBI said that to damage the cybercrime network, it redirected the platform's internet traffic to bureau-controlled servers that uninstalled the corresponding malware from victim computers.

Disruption of the Qakbot Platform

Authorities said that the takedown of Qakbot was one of the largest US-led disruptions of a botnet infrastructure. The FBI added that roughly $8.6 million in stolen cryptocurrency related to the malware platform's operations was seized and will later be returned to victims, according to the Washington Post.

In an announcement, FBI Director Christopher A. Wray said that the FBI successfully neutralized the far-reaching criminal supply chain and "cut it off at the knees." The development comes as Qakbot enabled the operations of several high-profile ransomware groups, such as Conti and REvil.

These groups targeted organizations, including hospitals, schools, and municipal governments, by holding their sensitive data hostage and demanding ransom payments. Victims of the botnet in the United States also include a power engineering firm based in Illinois, a financial services company in Alabama, and a food distribution company in California.

American officials have also accused the Kremlin of ignoring the situation despite a large percentage of global cybercrime and ransomware activity originating from Russia. They argued that Russian officials ignore the issue as long as the suspects' targets are not local, which Moscow authorities have vehemently denied, said Politico.
