Qakbot Malware Taken Down

Uploaded on 2023-09-08 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The FBI and the us Justice Department haveannounced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. 

The action, which took place in the US, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom, represents one of the largest US-led disruptions of a botnet infrastructure used by cyber criminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.   

Qakbot which is sometimes referred to as Qbot, is multinational hacking and ransomware operation, affecting 700,000 computers around the world, including financial institutions, government contractors and medical device manufacturers. 

Once infected, the victims’ computer became part of Qakbot’s larger botnet operation, infecting even more victims. In operation since 2008 by Eastern European cyber criminals, Qakbot is the most commonly detected malware, with 11% of corporate networks affected worldwide. 

Qakbot is a multi-purpose malware, akin to a Swiss Army knife, that allows cybercriminals to directly steal data (credentials to financial accounts, payment cards, etc) from PCs, while also serving as an initial access platform to infect victims’ networks with additional malware and ransomware. 

Qakbot is mostly distributed by phishing emails and is highly adaptive and flexible, allowing it to bypass security measures. It uses file types including OneNote, PDF , HTML, ZIP, LNK and more to infect machines. Here are some relevant statistics compiled by Check Point Research: 

  • Since March 2023, Check Point Research has observed a decrease in Qbot attacks worldwide and in the US.
  • In the US, the percentage of impacted organisations by Qbot decreased by 62% in August compared to March. In August, the number of impacted organisations by Qbot reached 2.1% while globally it impacted 4.9% of organisations; a 52% decrease compared to March. 
  • The most impacted Region by Qbot is Latin America, with 22.3% impacted organisations during 2023, followed by Africa with 22.2% impacted organisations and APAC with 12%
  • The Education and Research sectors have suffered the most in 2023 from Qbot attacks, with 23% impacted organisations. Followed by Government/Military with 18% impacted organisations and Healthcare with 14%.

“We have been tracking Qakbot for a while and this takedown operation is an important step in disrupting a major cyber crime operation. We applaud the FBI and its partners and will continue to monitor the long term impact with cyber criminals" according to Sergey Shykevich, Threat Intelligence Manager at Check Point Research:

It remains to be seen whether it was a decisive takedown or whether the operators will bounce back, and it remains vital to maintain phishing awareness, keep up-to-date with security patches and use effective anti-ransomware solutions.

FBI        CheckPoint:       CISA:                                            Image: Pavel Murarev        

You Might Also Read: 

2023’s Most Wanted Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Can Shortening The Cyber Stack Increase Stability?
Poland’s Train Network Disrupted »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

Mitek Systems

Mitek Systems

Mitek's global mobile capture and identity verification technology optimizes the digital user experience for thousands of financial services organizations.

Mend.io

Mend.io

Mend.io (formerly known as WhiteSource) is an application security company built to secure today’s digital world.

Polish Centre for Accreditation (PCA)

Polish Centre for Accreditation (PCA)

PCA is the national accreditation body for Poland. The directory of members provides details of organisations offering certification services for ISO 27001.

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS)

Women in CyberSecurity (WiCyS) is a non-profit organization dedicated to the recruitment, retention and advancement of women in the cybersecurity field.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

YorCyberSec

YorCyberSec

YorCyberSec act as a trusted Cyber and Information Security broker and procurement specialist. We help companies to Reduce Risk, Increase Assurance and Improve Performance.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Future Planet Capital

Future Planet Capital

Future Planet is the impact-led, global venture capital firm built to invest in high growth potential companies from the world's top research centres.

Box

Box

Box is the Cloud Content Management company that empowers enterprises to revolutionize how they work by securely connecting their people, information and applications.

One Step Secure IT

One Step Secure IT

One Step provide Managed IT Services, Cybersecurity Protections, and Compliance to businesses in the USA nationwide.

Cakewalk

Cakewalk

Cakewalk is the new standard in easy Access Control. Trusted by IT & Security teams. Loved by employees.

Blue Goat Cyber

Blue Goat Cyber

Blue Goat stands at the forefront of cybersecurity, particularly in medical device security and penetration testing.