{"id":1660,"date":"2023-08-29T17:16:41","date_gmt":"2023-08-29T17:16:41","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=76695"},"modified":"2023-08-29T17:16:41","modified_gmt":"2023-08-29T17:16:41","slug":"fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/08\/29\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses\/","title":{"rendered":"FBI, DOJ disrupt massive Qakbot botnet connected to millions of dollars in ransomware losses"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>FBI, DOJ disrupt massive Qakbot botnet connected to millions of dollars in ransomware losses | CyberScoop<\/title> <meta name=\"description\" content=\"\u201cOperation Duck Hunt\u201d included authorities in France, Germany, the Netherlands, Romania, Latvia and the U.K.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/fbi-doj-major-botnet-and-malware-takedown-qakbot\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"FBI, DOJ disrupt massive Qakbot botnet connected to millions of dollars in ransomware losses\"> <meta property=\"og:description\" content=\"\u201cOperation Duck Hunt\u201d included authorities in France, Germany, the Netherlands, Romania, Latvia and the U.K.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/fbi-doj-major-botnet-and-malware-takedown-qakbot\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" 
content=\"2023-08-29T17:16:41+00:00\"> <meta property=\"article:modified_time\" content=\"2023-08-29T18:19:23+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1208\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1693337792g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1693327649g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1693525727g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7af46db108fbc62fdcc9\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" 
href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/76695\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.3.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=76695\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-doj-major-botnet-and-malware-takedown-qakbot%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Ffbi-doj-major-botnet-and-malware-takedown-qakbot%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-76695 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/fbi-doj-major-botnet-and-malware-takedown-qakbot\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span 
class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"27.538188277087\">\n<div class=\"single-article__header-content\" readability=\"34.188\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> \u201cOperation Duck Hunt\u201d also included authorities in France, Germany, the Netherlands, Romania, Latvia and the U.K. 
<\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"403\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses.jpg?resize=640%2C403&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=300,189 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=768,483 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=1024,644 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=1536,966 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=600,378 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=267,168 267w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=536,337 536w, 
https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=1073,675 1073w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/09\/fbi-doj-disrupt-massive-qakbot-botnet-connected-to-millions-of-dollars-in-ransomware-losses-1.jpg?resize=1340,843 1340w\" sizes=\"(max-width: 1073px) 100vw, 1073px\"><figcaption> FBI Director Christopher Wray testifies before the Senate Commerce, Justice, Science, and Related Agencies Subcommittee during a hearing on the 2024 budgets for the FBI and DEA, on Capitol Hill in Washington, DC, on May 10, 2023. (Photo by OLIVIER DOULIERY \/ AFP) (Photo by OLIVIER DOULIERY\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"35.745930077395\"><body readability=\"71.486243683324\"><\/p>\n<p>An international law enforcement operation disrupted the <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2023-02\/202010221030_qakbot_tlpwhite.pdf\">Qakbot<\/a> botnet and associated malware that has been connected with countless cyberattacks and nearly $60 million in losses from victims around the world, the U.S. Department of Justice announced Tuesday. 
<\/p>\n<p>The operation \u2014&nbsp;which included the FBI, DOJ and authorities in France, Germany, the Netherlands, Romania, Latvia and the United Kingdom \u2014&nbsp;is \u201cone of the largest U.S.-led disruptions of a botnet infrastructure\u201d used by criminals to facilitate ransomware, financial fraud and other cyber-enabled criminal activity, the <a href=\"https:\/\/www.fbi.gov\/news\/stories\/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown\">FBI said in a statement<\/a>.<\/p>\n<p>There were no arrests in connection with the operation but the investigation remains ongoing, a senior FBI official told reporters Tuesday.<\/p>\n<p>Qakbot, also known as Qbot or Pinkslipbot, is malware first detected in 2008 that has been associated with hundreds of millions of dollars in losses to individuals and businesses in the U.S. and around the world, according to the FBI. The malware has been an initial entry mechanism for a variety of ransomware groups over the years. Groups such as Conti, ProLock, Egregor, REvil, MegaCortex and Black Basta have been known to use it. Between October 2021 and April 2023, the FBI said, Qakbot administrators have received fees corresponding to approximately $58 million in ransoms paid by victims.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>As part of \u201cOperation Duck Hunt\u201d the FBI said it gained access to 700,000 computers worldwide \u2014&nbsp;including 200,000 in the U.S. \u2014&nbsp;infected with Qakbot and redirected botnet traffic \u201cto and through servers controlled by the FBI\u201d on Aug. 25. Those servers \u201cin turn instructed infected computers in the United States and elsewhere to download a file created by law enforcement that would uninstall the Qakbot malware. 
This uninstaller was designed to untether the victim computer from the Qakbot botnet, preventing further installation of malware through Qakbot,\u201d the FBI said in its statement.<\/p>\n<p>The operation was \u201climited to information installed on the victim computers by the Qakbot actors\u201d and \u201cdid not extend to remediating other malware already installed on the victim computers and did not involve access to or modification of the information of the owners and users of the infected computers,\u201d the agency said.<\/p>\n<p>The operation is just the latest <a href=\"https:\/\/cyberscoop.com\/doj-cybercrime-disruption-ransomware\/\">in a string of proactive law enforcement actions<\/a> to combat cybercrime where the DOJ prioritizes disruption over arrests. The Department also announced on Tuesday the seizure of more than $8.6 million in cryptocurrency in illicit profits related to the botnet and malware operation.<\/p>\n<p>\u201cThe FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,\u201d FBI Director Christopher Wray said in a prepared statement. 
\u201cThe victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.\u201d<\/p>\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\">\n<div class=\"wp-block-embed__wrapper\">\n<div class=\"wp-block-embed wp-embed-aspect-16-9\">\n<p><iframe title=\"FBI Director Christopher Wray Announces Major Operation Targeting the Qakbot Botnet\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/mIeUT0QmqfU?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" allowfullscreen>[embedded content]<\/iframe><\/p>\n<\/div>\n<\/div>\n<\/figure>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cQakbot was a significant adversary that represented a serious threat to businesses around the world. Engineered for eCrime, Qakbot infections led to the deployment of some of the most sophisticated and damaging ransomware,\u201d said Don Smith, the vice president of the Secureworks Counter Threat Unit. \u201cQakbot has evolved over the years to become a flexible part of the criminal\u2019s arsenal. Its removal is to be welcomed.\u201d<\/p>\n<p>Secureworks researchers observed the takedown operation at about 7:30 am ET in the U.S. Aug. 25, the company said in <a href=\"https:\/\/www.secureworks.com\/blog\/law-enforcement-takes-down-qakbot\">a blog posted after the FBI\u2019s announcement<\/a>.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.4510869565217\">\n<div class=\"author-card\" readability=\"8\">\n<p><h4 class=\"author-card__name\">Written by AJ Vicens<\/h4>\n<p> AJ covers nation-state threats and cybercrime. He was previously a reporter at Mother Jones. 
Get in touch via Signal\/WhatsApp: (810-206-9411). <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> 
<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/fbi-doj-major-botnet-and-malware-takedown-qakbot\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FBI, DOJ disrupt massive Qakbot botnet connected to millions of<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[282,892],"tags":[286,893],"class_list":["post-1660","post","type-post","status-publish","format-standard","hentry","category-cybercrime","category-qakbot","tag-cybercrime","tag-qakbot"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/qakbot\/\" rel=\"category 
tag\">QakBot<\/a>","tag_info":"QakBot","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1660","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1660"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1660\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1660"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1660"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1660"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}