The U.S. Justice Department, alongside international partners, executed a significant digital operation to neutralize the QakBot malware, which cybercriminals have used for years to launch ransomware attacks and steal sensitive data globally. In this “unprecedented” operation, the participating agencies infiltrated servers controlling the malware in seven countries, caused the malware to self-destruct, and confiscated nearly $9 million in cryptocurrency. This large-scale campaign is the culmination of 18 months of strategic planning and represents one of the most formidable actions by the DOJ against a botnet.
Key Points:
- The QakBot malware, active since 2008, has been a primary tool for cyberattacks, causing millions in damages through ransomware and data breaches.
- The operation involved international collaboration with law enforcement from countries like France, Germany, the UK, the Netherlands, Romania, and Latvia.
- During the sting, officials discreetly accessed 52 servers controlling QakBot, offering insight into the scale of damages, which included the infection of 700,000 new victims within the past year and $58 million in damages from ransomware attacks.
- Although no arrests were announced during the reveal, the ongoing investigation seeks to identify the main operators behind the botnet, with suspicions pointing towards global contributors.
- This takedown is part of a larger initiative by the Justice Department to combat the rising tide of cybercrime, with the hope that such operations will hinder and potentially dismantle major cybercriminal organizations.
Source: https://www.politico.com/news/2023/08/29/fbi-doj-cybercrime-takedown-00113371