Operation Duck Hunt – FBI Goes on the Offensive and Bags Qakbot

By: Craig Kennedy

 

Operation Duck Hunt – FBI Goes on the Offensive and Bags Qakbot

On August 29, 2023, the Department of Justice announced the results of a multinational operation aimed at dismantling a notorious malware and botnet criminal organization that’s been causing serious damage for over a decade known as Qakbot. 

Who is Qakbot? —The Foundation of Too Many Successful Attacks

Qakbot first appeared on the scene in 2008 as a banking trojan and was initially focused on financial fraud. Over the years, it has morphed into a platform used by many notorious ransomware groups for them to gain initial access to their victim’s computers.

Qakbot has been used by the likes of Conti and REvil, the latter using Qakbot extensively in its high profile ransomware attack of JBS Foods in June 2021. It’s estimated that Qakbot has compromised over 700,000 computers globally and that Qakbot Administrators have collected $58 million in ransomware fees from their victims since October 2021.

Qakbot malware infected victim computers, and once infected became an unwitting member of a botnet (a network of compromised computers) controlled remotely to perform nefarious tasks. The computer’s owners meanwhile are unaware of the malicious deeds being performed in the background.

How Did This Successful Bust Go Down?

This complex operation involved law enforcement organizations across the US and Europe. The Federal Bureau of Investigation (FBI) led the operation in collaboration with European law enforcement agencies from France, Germany, Latvia, Netherlands, Romania, and the United Kingdom.

The operation, codenamed “Operation Duck Hunt” with technical assistance from Cybersecurity firm Zscaler, identified Qakbot traffic and redirected it to FBI controlled servers that uninfected the servers and provided protection from future infection, essentially dissolving the long-lived botnet.

The net results of the operation was a removal of the botnet software from active infected computers, seizing of more than $8.6 million in cryptocurrency from illicit profits, and the seizing of 52 servers.

Bottom Line:

This is one of the largest ever US led operation against a multinational botnet operator. This is an accelerating trend from exclusively reacting to attacks to proactively planning and offensively attacking cybercriminals internationally. Given the increased pace and sophistication of cyberattacks, this is a welcome change.

State-sponsored attacks require state-sponsored responses, and responses need not be exclusively defensive in nature; an effective defense is a powerful offense.

---

The Executive Guide to AI – Aragon Foresight AI

LIVE on Thursday, September 28th at 10 AM PT | 1 PM ET

 

The rush to AI is here! With the growing interest in ChatGPT, enterprises are searching for answers on how to put AI to work.

Aragon Research has been covering artificial intelligence for over seven years. In this Demo Day on Thursday, September 28th, Aragon CEO and Founder, Jim Lundy, will provide a deep dive into Aragon Research’s coverage of AI and provide a demo of our service that we refer to as Foresight.

Topics we will cover in this webinar include:

• AI trends business leaders need to know.
• Why intelligence matters in every business unit.
• Demo of Aragon Foresight and how enterprises can leverage it for their business.

Register Here

---

 

Blog 1: Introducing the Digital Operations Blog Series

Blog 2: Digital Operations: Keeping Your Infrastructure Secure

Blog 3: Digital Operations: Cloud Computing

Blog 4: Cybersecurity Attacks Have Been Silently Escalating

Blog 5: Automation—The Key to Success in Today’s Digital World

Blog 6: Infrastructure—Making the Right Choices in a Digital World

Blog 7: Open-Source Software—Is Your Supply Chain at Risk?

Blog 8: IBM AIU—A System on a Chip Designed For AI

Blog 9: IBM Quantum: The Osprey Is Here

Blog 10: The Persistence of Log4j

Blog 11: AWS re:Invent 2022—Focus on Zero-ETL for AWS

Blog 12: AWS re:Invent 2022—The Customer Is Always Right

Blog 13: How Good is the New ChatGPT?

Blog 14: The U.S. Department of Defense Embraces Multi-Cloud

Blog 15: 2022 Digital Operations—The Year in Review

Blog 16: Lucky Number 13 for Intel—Intel Is Back on Top

Blog 17: Quantum Decryption—The Holy Grail for Cybercriminals

Blog 18: Microsoft and OpenAI—Intelligent Partnership

Blog 19: ChatGPT—The First One Is Free

Blog 20: Bing and ChatGPT—Your Co-Pilot When Searching the Web

Blog 21: ESXiArgs—Ransomware Attack on VMware

Blog 22: The Cost of Supply Chain Security—$250M in Sales

Blog 23: OpenAI Delivers on APIs—Accelerating the Adoption of ChatGPT

Blog 24: OpenAI Delivers on Plugins—Is ChatGPT The New Generative Content Platform?

Blog 25: Microsoft Security Copilot—Defending the Enterprise at the Speed of AI

Blog 26: Operation Cookie Monster Takes a Huge Bite Out of The Dark Web

Blog 27: AWS Bedrock—Amazon’s Generative AI Launch

Blog 28: Google Cloud Security AI Workbench – Conversational Security

Blog 29: World Password Day – Is This the Last Anniversary

Blog 30: Intel Partners to Enter the Generative AI Race—Aurora genAI

Blog 31: Charlotte AI – CrowdStrike Enters the Generative AI Cybersecurity Race

Blog 32: NICE Catches the Generative AI Wave

Blog 33: AMD Instinct MI300X—A New Challenger to Nvidia

Blog 34: Storm-0558—Chinese Cyber Attack on US Government Organizations

Blog 35: Network Resilience Coalition—Making the Network Safer

Blog 36: Frontier Model Forum—Power Players Unite to Make AI Safer

Blog 37: Intel Is Back in the Foundry Business—Entering the Angstrom Era

Blog 38: Check Point Acquires Perimeter 81—Securing Remote Access

Blog 39: PSA—Akira Ransomware Targeting Cisco VPNs