LOS ANGELES – The U.S. Department of Justice has unveiled a multinational operation spanning the United States, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia, aimed at dismantling the Qakbot botnet and its associated malware. Qakbot, also known as "Qbot" or "Pinkslipbot," has infected over 700,000 computers worldwide, causing extensive financial losses through ransomware attacks and other cyber-enabled crimes.
Source: Justice Department Announcement
This effort marks one of the most extensive financial and technical interventions against a botnet infrastructure used by cybercriminals for activities such as ransomware attacks and financial fraud. The operation includes the deletion of the Qakbot malicious code from victim computers and the seizure of more than $8.6 million in illicit cryptocurrency profits.
Attorney General Merrick B. Garland stated, "Today's action sends a clear message to cybercriminals that they will be held accountable for their actions. Through international collaboration, we have dismantled the Qakbot infrastructure, removed its malware from victim computers, and confiscated $8.6 million in extorted funds."
The multinational partnership, led by the U.S. Department of Justice and the FBI, has successfully disrupted the Qakbot botnet. The malware spreads through malicious attachments or hyperlinks in spam emails and can deliver additional malware, including ransomware. Infamous ransomware groups such as Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta have employed Qakbot as an initial infection method, leading to substantial damages.
The U.S. Attorney's Office for the Central District of California, the FBI Los Angeles Field Office, and the Computer Crime and Intellectual Property Section (CCIPS) of the Criminal Division were key participants in the operation. This initiative was supported by various international law enforcement agencies, including Europol, the French Police Cybercrime Central Bureau, Germany’s Federal Criminal Police, the Netherlands National Police, the United Kingdom’s National Crime Agency, Romania’s National Police, and Latvia’s State Police.
Donald Alway, Assistant Director in Charge of the FBI’s Los Angeles Field Office, remarked, "This operation not only prevented numerous cyberattacks but also dealt a blow to the global cybercrime supply chain. It safeguards computer systems from personal devices to critical infrastructure."
The operation was scoped to removing Qakbot code from victim computers, effectively severing their connection to the botnet. It did not address other malware present on these systems or involve accessing user data.
Zscaler provided crucial technical assistance for the operation, while organizations such as the Cybersecurity and Infrastructure Security Agency, Shadowserver, Microsoft Digital Crimes Unit, and Have I Been Pwned aided in victim notification and remediation.
For additional information and resources, including assistance for victims, visit: Justice Department Qakbot Resources