FBI vs. Qakbot network: smashed or just paralyzed?

FBI vs. Qakbot network: smashed or just paralyzed?

Share post

On August 29, 2023, the US FBI announced that it had dismantled the multinational cyber hacking and ransomware operation Qakbot, or Qbot. After Hive, Emotet or Zloader, QakBot has now been hit. But is the botnet destroyed and the ransomware unusable or just paralyzed, as was the case with Emotet?

The Qakbot malware infected victims via spam emails containing fraudulent attachments and links. It also served as a platform for ransomware operators. Once the victim's computer was cracked, it became part of the larger Qakbot bot network, which hijacked other computers. 700 computers were affected worldwide, including at financial institutions, government contractors and medical device manufacturers.

What is Qakbot?

🔎 The Check Point Mid-Year Report 2023 shows that Qbot / Qakbot carried out the most attacks globally (Image; Check Point).

Qakbot was operated by Eastern European hackers and has been active since 2008. It is the most frequently discovered malware, affecting 2023 percent of corporate networks worldwide in the first half of 11. Qakbot is particularly tricky: it is a multi-purpose malware that resembles a Swiss Army knife. It allows cybercriminals to directly steal data (including access to financial accounts, payment cards) or computers, while also serving as a platform to infect victims' networks with additional malware and ransomware. Primarily distributed via phishing emails, Qakbot is highly adaptable and flexible, allowing the malware to bypass security measures. It uses well-known file types such as OneNote, PDF, HTML, ZIP, or LNK to deceive users. Says Sergey Shykevich, Threat Intelligence Manager at Check Point Research.

This is what Google subsidiary Mandiant says about Qakbot

The FBI has worked with partners around the world to neutralize the Qakbot malware infrastructure. The infrastructure was used by cybercriminals to spread ransomware. Ransomware is still often used by cybercriminals to pursue economic goals. According to the M-Trends 2023 research report, Mandiant's 2022 investigations involved ransomware in 18 percent of cases.

Sandra Joyce, VP, Mandiant Intelligence at Google Cloud explains: “Ransomware is a major national security challenge that we must take just as seriously as threats from nation states like Russia or North Korea. The fundamentals of the business model are solid and this problem will not be solved any time soon. Many of the tools we have at our disposal will not have a lasting impact. These groups will recover and come back. But we have a moral obligation to pause these operations whenever possible.”

Qakbot comment by Arctic Wolf

The duck hunt was successful: media reports that the FBI managed to dismantle the botnet, which was controlled via the Qakbot malware, as part of an international law enforcement operation called “Duck Hunt” with forces from Germany, the Netherlands, Romania, Latvia and the United Kingdom became.

“The fact that the “duck hunt” on Qakbot was successful is positive for two reasons: on the one hand, we see that the international law enforcement authorities are working together better and better, and on the other hand, it is another sign that organized cybercrime is on their heels and they cannot do their mischief undisturbed.

Nevertheless, this important breakthrough should not be overestimated. Although the botnet has been destroyed for the time being, the malware source codes still exist - just like their developers. It is to be expected that they will regroup and resume their 'work' within a few weeks or months.

Companies can check whether their credentials have been stolen by the Qakbot actors. This works by providing your own email address Have I Been Pwned or on the Dutch police website.” So Dr. Sebastian Schmerl, Director Security Services EMEA Arctic Wolf.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more