Qakbot Malware Taken Down

Uploaded on 2023-09-08 in GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The FBI and the us Justice Department haveannounced a multinational operation to disrupt and dismantle the malware and botnet known as Qakbot. 

The action, which took place in the US, France, Germany, the Netherlands, Romania, Latvia, and the United Kingdom, represents one of the largest US-led disruptions of a botnet infrastructure used by cyber criminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.   

Qakbot which is sometimes referred to as Qbot, is multinational hacking and ransomware operation, affecting 700,000 computers around the world, including financial institutions, government contractors and medical device manufacturers. 

Once infected, the victims’ computer became part of Qakbot’s larger botnet operation, infecting even more victims. In operation since 2008 by Eastern European cyber criminals, Qakbot is the most commonly detected malware, with 11% of corporate networks affected worldwide. 

Qakbot is a multi-purpose malware, akin to a Swiss Army knife, that allows cybercriminals to directly steal data (credentials to financial accounts, payment cards, etc) from PCs, while also serving as an initial access platform to infect victims’ networks with additional malware and ransomware. 

Qakbot is mostly distributed by phishing emails and is highly adaptive and flexible, allowing it to bypass security measures. It uses file types including OneNote, PDF , HTML, ZIP, LNK and more to infect machines. Here are some relevant statistics compiled by Check Point Research: 

  • Since March 2023, Check Point Research has observed a decrease in Qbot attacks worldwide and in the US.
  • In the US, the percentage of impacted organisations by Qbot decreased by 62% in August compared to March. In August, the number of impacted organisations by Qbot reached 2.1% while globally it impacted 4.9% of organisations; a 52% decrease compared to March. 
  • The most impacted Region by Qbot is Latin America, with 22.3% impacted organisations during 2023, followed by Africa with 22.2% impacted organisations and APAC with 12%
  • The Education and Research sectors have suffered the most in 2023 from Qbot attacks, with 23% impacted organisations. Followed by Government/Military with 18% impacted organisations and Healthcare with 14%.

“We have been tracking Qakbot for a while and this takedown operation is an important step in disrupting a major cyber crime operation. We applaud the FBI and its partners and will continue to monitor the long term impact with cyber criminals" according to Sergey Shykevich, Threat Intelligence Manager at Check Point Research:

It remains to be seen whether it was a decisive takedown or whether the operators will bounce back, and it remains vital to maintain phishing awareness, keep up-to-date with security patches and use effective anti-ransomware solutions.

FBI        CheckPoint:       CISA:                                            Image: Pavel Murarev        

You Might Also Read: 

2023’s Most Wanted Malware:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Can Shortening The Cyber Stack Increase Stability?
Poland’s Train Network Disrupted »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

authen2cate

authen2cate

Authen2cate offers a simple way to provide application access with our Identity and Access Management (IAM) solutions for enterprise, small business, and individual customers alike.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

Copper Horse Solutions

Copper Horse Solutions

Copper Horse specialises in mobile and IoT security, engineering solutions throughout the product lifecycle from requirements to product security investigations.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

KayHut

KayHut

KayHut is a young, innovative company engaged in cyber research and security solutions.

VietSunshine

VietSunshine

VietSunshine is a leading provider of network security infrastructure and solutions in Vietnam.

Ampliphae

Ampliphae

Ampliphae gives you an easy-to-deploy, sophisticated and affordable cloud-discovery, security and compliance platform.

Inspira Enterprise

Inspira Enterprise

Inspira Enterprise is a leading digital transformation company with expertise in Cyber Security, Internet of Things (IOT), Blockchain, Big Data & Analytics, Intelligent Automation and Cloud Computing.

Singular Security

Singular Security

Singular Security help public and private organizations minimize cybersecurity risk and pass their IT compliance audit.

Prosperoware

Prosperoware

Prosperoware develop software for cybersecurity, privacy, and regulatory compliance for content systems, and financial matter management.

comforte AG

comforte AG

comforte AG is a leading provider of data-centric security technology. Organizations worldwide rely on our tokenization and format-preserving encryption capabilities to secure personal, sensitive data

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

OneCollab

OneCollab

OneCollab, your unwavering ally in the dynamic landscape of IT services and cybersecurity.

Cybercentry

Cybercentry

Cybercentry is a specialist information security, data protection and cyber security consultancy.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

S4E (Security for Everyone)

S4E (Security for Everyone)

At S4E.io, our mission is to democratize digital security, making it accessible, simple, and effective for individuals and businesses of all sizes.