US Spearheads International Effort to Neutralize QakBot Malware Network

Vlad CONSTANTINESCU

August 30, 2023

US authorities working with international law enforcement agencies have dismantled the infamous QakBot malware network.

The international operation "Duck Hunt," announced yesterday, targeted the malware family that has inflicted more than $58 million in losses over the last 18 months.

As part of the operation, the Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ) obtained court orders to stealthily remove QakBot malware from compromised Microsoft Windows computers and seize servers used to control the botnet.

First surfacing in 2007 as a banking trojan, QakBot, previously known as Qbot and Pinkslipbot, has evolved into a potent malware strain that lets perpetrators prepare compromised networks for ransomware infections. The malware mainly spreads through phishing emails disguised as legitimate items such as work orders or invoices, often by inducing a sense of urgency.

The US attorney for the Southern District of California, Martin Estrada, said QakBot has been involved in 40 distinct ransomware attacks over the last 18 months.

Don Alway, the assistant director in charge of the FBI's Los Angeles field office, described how federal investigators gained access to an online control panel used by cybercriminals to monitor and control the botnet.

With court approval, authorities instructed all infected machines to uninstall QakBot and sever their connection to the botnet.

The effort was part of a broader strategy to neutralize the malware, which has infected over 700,000 machines in the last year, including 200,000 systems in the US.

The success of the operation was underpinned by international collaboration. The DoJ worked closely with law enforcement agencies from France, Germany, Latvia, The Netherlands, Romania and the United Kingdom. Together, they seized over 50 servers connected to the malware network and approximately $9 million in stolen cryptocurrency.

"The Qakbot Uninstall file did not remediate other malware that was already installed on infected computers," reads the DoJ's announcement. "Instead, it was designed to prevent additional QakBot malware from being installed on the infected computer by untethering the victim computer from the QakBot botnet."

This is not the US government's first use of court orders to dismantle malware operations and disinfect compromised systems. Last year, the DoJ led a similar operation against the notorious Russian "Snake" malware, known for data theft.

Operation "Duck Hunt" marks another milestone in the war against cybercrime, showing what can be achieved when national and international entities collaborate for a common cause.