FBI’s Operation Duck Hunt Takes Qakbot Malware Down – The agency reportedly made a massive botnet, responsible for infecting over 700,000 computers, uninstall itself.
Operation Duck Hunt, as the operation is called, reportedly targeted Qakbot, malware that takes control of computers and then sets them up remotely for other forms of attack, such as ransomware.
FBI’s Operation Duck Hunt
The US government has just helped to dismantle a huge network of computers infected with one of the most notorious pieces of malware in the world. According to the FBI, a multinational effort led by the US took down Qakbot, malware that made its way into more than 700,000 computers around the world.
How Victims Were Targeted By the Qakbot Malware
The hackers typically targeted victims with Qakbot by sending them spam emails containing malicious attachments or links. As soon as a victim downloads the attachment or clicks the link, Qakbot immediately infects their computer, which then becomes part of a botnet, a network of infected computers controlled remotely by hackers. From there, bad actors can install additional malware, such as ransomware, on their victims' devices.
How the FBI Took Down the Malware
To take down the network, the FBI routed Qakbot traffic through FBI-controlled servers, which reportedly instructed infected computers in the US and elsewhere to download software that helped to uninstall the Qakbot malware. This software also separated infected computers from the botnet, “preventing further installation of malware through Qakbot.”
As the DOJ noted, the action was limited to the malware installed by Qakbot actors and “did not extend to remediating other malware already installed on the victim computers.”
Operation Duck Hunt Regions
In addition to the US, Operation “Duck Hunt” involved Europol, France, Germany, the Netherlands, the UK, Romania, and Latvia. The US has stated that the botnet was responsible for hundreds of millions of dollars in damages and infected over 200,000 computers in the US alone.
Qakbot has been around since 2008 and has been leveraged by several prolific ransomware groups, including Conti, REvil, MegaCortex, and many more. As part of the operation, the DOJ reportedly seized $8.6 million worth of extorted funds in crypto.
What A US Attorney Has To Say About the Operation
“An international partnership led by the Justice Department and the FBI has resulted in the dismantling of Qakbot, one of the most notorious botnets ever, responsible for massive losses to victims around the world,” US Attorney Martin Estrada said in a statement. “Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out.”
How Users Can Check If They Have Been Affected
The FBI has since provided Have I Been Pwned with the compromised credentials it found during the operation, so you can enter your email address on the site to check whether you were affected. The Dutch National Police has also added affected credentials to its Check Your Hack site.