US and European Allies Dismantle Qakbot Hacker Network
In a collaborative effort, the United States, alongside European partners including the United Kingdom, Germany, Latvia, the Netherlands, Romania, and France, executed an operation to dismantle the Qakbot hacker network, which cybercriminals had been using for financial crimes. As part of the operation, intelligence agencies seized 52 servers within the US and abroad, according to Reuters.
First identified over a decade ago, Qakbot typically propagated through infected emails sent to unsuspecting victims.
US Prosecutor Martin Estrada stated that this operation against Qakbot marked the most extensive endeavor in the history of combating botnet activity. "Through collective efforts, we've conquered Qakbot, safeguarding an immeasurable number of potential victims from future attacks," he declared during a press conference.
Cybersecurity experts posit that Qakbot likely originates from the Russian Federation. The network had targeted organizations worldwide, ranging from Germany to Argentina.
According to Estrada, the malicious Qakbot software had infiltrated over 700,000 computers, facilitated ransomware deployments, and inflicted damages amounting to hundreds of millions of dollars across enterprises, medical institutions, and government entities.
Investigators found evidence that Qakbot administrators had received fees totaling around $58 million in ransom payments from victims between October 2021 and April 2023.
The FBI stated that in order to disrupt the cybercriminal network, it redirected Qakbot's internet traffic to bureau-controlled servers, effectively eradicating the associated malware from victims' computers. The FBI emphasized that it actively removed malicious files from private systems without accessing or collecting any personal information.
In his statement, FBI Director Christopher Wray noted that the virus had targeted financial institutions on the US East Coast, a critical infrastructure government contractor in the US Midwest, and a medical equipment manufacturer on the US West Coast. "The FBI has neutralized this intricate criminal supply chain by eradicating it at its roots," he remarked.
As a reminder, in July Microsoft disclosed a breach by a hacking group operating from China, which compromised email accounts linked to government entities in Western Europe.