FBI's Operation 'Duck Hunt' Disrupts Qakbot Botnet

Category: Cybersecurity Enforcement | Industry: Global | Source: FBI

On August 29th, 2023, the United States FBI and Justice Department made an announcement unveiling a multinational operation named 'Duck Hunt.' The operation's objective was to "dismantle and disrupt" the activities of the Qakbot malware botnet. As a result of the international law enforcement's efforts, "the FBI gained lawful access to Qakbot’s infrastructure and identified over 700,000 infected computers worldwide—including more than 200,000 in the U.S.," the agency announced.

In order to disrupt the botnet's activities, the FBI explains that they "redirected Qakbot traffic to Bureau-controlled servers that instructed infected computers to download an uninstaller file. This uninstaller—created to remove the Qakbot malware—untethered infected computers from the botnet and prevented the installation of any additional malware." Qakbot, an unfortunate malware veteran, has been active since 2008 and utilized in various cybercrime operations, including ransomware. Several intrusions associated with the Black Basta ransomware gang have incorporated Qakbot in its attack chain to obtain initial access. Threat actors utilize the malware globally targeting all industry verticals.