
Operation Duck Hunt – FBI Goes on the Offensive and Bags Qakbot

By: Craig Kennedy

On August 29, 2023, the Department of Justice announced the results of a multinational operation aimed at dismantling Qakbot, a notorious malware and botnet criminal organization that has been causing serious damage for over a decade.

Who Is Qakbot?—The Foundation of Too Many Successful Attacks

Qakbot first appeared on the scene in 2008 as a banking trojan and was initially focused on financial fraud. Over the years, it has morphed into a platform that many notorious ransomware groups use to gain initial access to their victims’ computers.

Qakbot has been used by the likes of Conti and REvil, the latter using Qakbot extensively in its high-profile ransomware attack on JBS Foods in June 2021. It’s estimated that Qakbot has compromised over 700,000 computers globally and that Qakbot administrators have collected $58 million in ransomware fees from their victims since October 2021.

Qakbot malware infected victims’ computers; once infected, each computer became an unwitting member of a botnet (a network of compromised computers) controlled remotely to perform nefarious tasks. The computers’ owners, meanwhile, were unaware of the malicious deeds being performed in the background.

How Did This Successful Bust Go Down?

This complex operation involved law enforcement organizations across the US and Europe. The Federal Bureau of Investigation (FBI) led the operation in collaboration with European law enforcement agencies from France, Germany, Latvia, the Netherlands, Romania, and the United Kingdom.

The operation, codenamed “Operation Duck Hunt,” was carried out with technical assistance from the cybersecurity firm Zscaler. Investigators identified Qakbot traffic and redirected it to FBI-controlled servers, which instructed the infected computers to remove the malware and protected them from future infection, essentially dissolving the long-lived botnet.

The net results of the operation were the removal of the botnet software from actively infected computers, the seizure of more than $8.6 million in cryptocurrency from illicit profits, and the seizure of 52 servers.

Bottom Line:

This is one of the largest-ever US-led operations against a multinational botnet operator. It reflects an accelerating trend away from exclusively reacting to attacks and toward proactively planning and offensively pursuing cybercriminals internationally. Given the increased pace and sophistication of cyberattacks, this is a welcome change.

State-sponsored attacks require state-sponsored responses, and responses need not be exclusively defensive in nature; an effective defense is a powerful offense.
