FBI Duck Hunt Operation Against Qakbot Resurgence

 

Last week, a pernicious and multifunctional malware was silenced as a result of Operation “Duck Hunt,” a collaborative effort led by the FBI. This operation successfully extracted the malicious code from 700,000 compromised systems, forcibly severing their connection to the Qakbot botnet. Additionally, the FBI took control of 52 servers and recovered $8.6 million in stolen cryptocurrency, vowing to return these funds to the rightful victims. 

Renowned for affording cybercriminals an initial entry point into a victim’s network, Qakbot stands as a notorious banking trojan. This malevolent tool has enabled hackers to purchase access and deploy their own malware, including ransomware. According to U.S. authorities, Qakbot has played a role in over 40 ransomware incidents within the last year and a half, resulting in a staggering $58 million in ransom payments.
Among Qakbot’s ransomware targets were an engineering firm based in Illinois, financial service entities located in Alabama and Kansas, as well as a defense manufacturer in Maryland and a food distribution company in Southern California, as stated by Estrada.
The FBI’s operation involved rerouting the botnet’s traffic to government-controlled servers, effectively giving the agency control of the botnet.
Leveraging this access, the FBI directed Qakbot-infected devices globally to download an uninstaller developed by the agency. This liberated the victim’s computer from the botnet, putting a halt to any future malware installations via Qakbot.
Qakbot strategically maintains a presence, ensuring persistence within the system.
[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents