The FBI and the Department of Justice announced on Tuesday that a multinational operation has dismantled a malware infrastructure called Qakbot that cybercriminals used in ransomware attacks, online financial fraud and other cybercrimes.
The FBI Headquarters’ Cyber Division and FBI Los Angeles collaborated with partners in France, Germany, the Netherlands, Romania, Latvia and the United Kingdom.
The bureau said the probe called for obtaining lawful access to Qakbot’s infrastructure, which has infected over 700,000 computers worldwide, including over 200,000 in the United States.
The dismantling activity was accomplished by redirecting Qakbot traffic to FBI-controlled servers, which fed an uninstaller file to the compromised machines, releasing them from the botnet while preventing additional malware installation.
In a statement, FBI Director Christopher Wray said Qakbot had given cybercriminals a worldwide command-and-control infrastructure spanning numerous computers. Past victims were individuals and businesses in the U.S. and abroad, including banks, a critical infrastructure government contractor and a medical equipment maker.
According to a separate DOJ announcement of the malware takedown, the Qakbot botnet, created in 2008, primarily attacks via spam email messages bearing malicious hyperlinks or attachments and can subsequently deliver more malware.