After years of malicious activities, the notorious QakBot (or QBot) malware finally meets its fate as the FBI disrupts the botnet network. Besides taking down the botnet, FBI also cleaned infected systems from the malware.
FBI Disrupts Qakbot Network
Reportedly, the FBI has dismantled the notorious Qakbot malware network in a recent operation.
Qakbot, also known as QuakBot and QBot, is a known malware that has executed numerous malicious campaigns alongside facilitating other threat actors for various activities, especially ransomware attacks.
Announcing the achievement, FBI officials explained how they conducted a large-scale operation across six countries to take down the botnet. These countries include the United States, Germany, France, the Netherlands, Latvia, Romania, and the United Kingdom.
According to the details shared by the US Attorney’s Office, the FBI and the Dutch National Police officials discovered multiple compromised account credentials, which they shared with the HIBP website for public accessibility.
The Bureau, after obtaining the due permissions following their application, traced down the threat actors’ physical location, alongside mapping out the botnet’s infrastructure. Moreover, they also identified 20 cryptocurrency wallets associated with the botnet.
More details are available in the following announcement video.
FBI Removes The Malware From Infected Systems
Alongside disrupting the botnet activity, the FBI also confirmed freeing up the victim machines from the malware infection.
The FBI Director, Christopher Wray, stated that QBot’s victim list includes various firms across different regions. FBI could identify over 700,000 victim machines, over 200,000 of which existed within the US.
The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.
Hence, to relieve all the infected systems that inadvertently constituted the botnet, the FBI redirected its traffic to its servers. It then released an uninstaller file to the QBot victim machines to uninstall the malware and prevent further infection.
While the threat from QBot is seemingly over, the risk never fades as more and more malware families keep emerging online to target victims. Therefore, all users, especially organizations, must remain vigilant to prevent similar threats.
Let us know your thoughts in the comments.