An international operation involving the National Crime Agency and the FBI resulted in a major setback for the cyber-criminal underworld. The operation has led to the takedown of Qakbot malware (known as Qbot), which facilitated ransomware attacks and caused millions of pounds worth of worldwide damage.
Qbot emerged in the late 2000s and is believed to have infected more than 700,000 computers globally, including in the UK. Over the years, it has operated in many different capacities, including as a banking trojan and a credential stealer, usually spread as a malicious attachment via spam emails. Qbot, a highly structured and multi-layered bot network that was effectively feeding the global cyber-crime supply chain.
Most dangerously, it was used as a remote access trojan (RAT) by some of the world’s most infamous cyber-crime operations to facilitate the spread of ransomware lockers, including LockBit, which attacked Royal Mail at the start of 2023.
It is believed that Qbot’s administrators may have received up to $58m from various ransomware attacks in which Qbot used.
The hacking mission against Qbot saw the FBI gain access to Qbot’s infrastructure, Agents then redirected Qbot botnet traffic to and through servers that it controlled, which instructed the victims’ machines to download a file to uninstall the malware and free the victim system from the botnet, preventing further installation of malware via Qbot.
However, although the disruption of Qbot will be a setback to many cyber-criminal operations, it will do little to combat the scourge of cyber crime in general. It is likely the ransomware gangs that used it will pivot to other tools or fall back on the services of initial access brokers, in short order.
Source: National Crime Agency – Aug 2023
