News
| Aug 30, 2023

WATCH | US-led multinational cyber takedown of Qakbot infrastructure

Shemar-Leslie Louisy / Our Today

The Federal Bureau of Investigation (FBI), in collaboration with the US Justice Department and international partners, has executed a multinational operation to effectively dismantle the Qakbot malware and botnet, a major threat network responsible for a wide range of cybercrimes.

The operation, announced on August 29, was revealed to be one of the largest disruptions of a botnet infrastructure. Qakbot, a notorious banking trojan and malware that has been active since at least 2009, was targeted due to its extensive deployment in various criminal activities such as ransomware attacks and financial fraud.

Federal Bureau of Investigation (FBI) cybercrime agents working in this undated file photo. (Photo: FBI.gov/File)

Qakbot primarily infected victims’ computers through malicious attachments and links embedded in spam emails. Once a recipient interacted with these elements, the malware would proceed to infect the host computer with additional harmful software, including ransomware. The compromised computer would then become part of a botnet, effectively rendering it under the control of remote cybercriminals, often without the victim’s knowledge.

Christopher Wray, FBI director, in praise of the operation’s success, said, “The FBI neutralised this far-reaching criminal supply chain, cutting it off at the knees. The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”

Wray emphasised the collaborative effort that led to the operation’s success, crediting the diligent work of various teams within the FBI and international partners. He underscored the increasing complexity and severity of the cyber threats faced by the nation, while also highlighting the potency of the collective network and capabilities of law enforcement agencies.

Christopher Wray, director of the FBI.

The FBI’s operation against the Qakbot botnet involved gaining lawful access to the infrastructure supporting the malware. More than 700,000 infected computers globally, with over 200,000 located in the U.S., were identified and addressed in the takedown.

To disrupt the botnet’s operations, the FBI redirected Qakbot-generated traffic to servers under its control. These servers then instructed the infected computers to download an uninstaller designed to eradicate the Qakbot malware. This process effectively freed the infected devices from the botnet’s control and also thwarted further malware installations.
