Qakbot: FBI infiltrates botnet and uses it to clean the hacked computers

Operation “Duck Hunt”

The FBI and its European partners infiltrated the Qakbot botnet from the inside

© Laurence Dutton / Getty Images

The Qakbot network, which consists of more than 700,000 infected computers, has repeatedly been used for large-scale attacks. Now the FBI, together with partners like the BKA, has turned the tables.

Without their owners knowing, their computers are being used for attacks. Against banks, infrastructure, companies. If a PC becomes part of a so-called botnet, it becomes a weapon for hackers. With Qakbot, one of the largest such networks has just been broken up by international investigative authorities – by taking control of it and turning it against itself.

This is reported by the US federal police, the FBI, and the German BKA, which was also involved. The action, referred to as “Duck Hunt”, was carried out together with Interpol and other European partners. The experts gained access to the network’s control servers. And used this not only to free more than 700,000 affected computers from the installed malware, but also to protect them against further attacks.

Millions in damage

Qakbot has been active since at least 2008, initially as a banking Trojan. In recent years, the botnet has been used primarily for ransomware attacks, in which the contents of computers or servers are encrypted and a ransom is then demanded. In the period from October 2021 to April 2023 alone, the hackers are said to have carried out 40 major attacks, taking ransoms of more than $58 million, according to the FBI. $8.6 million worth of cryptocurrency seized in the operation is set to be paid out to victims.
</gra_replace>
<gr_replace lines="20" cat="clarify" orig="The owners of the attacking">
The owners of the attacking computers were usually not aware of this. The computers were infected with malware via phishing campaigns, then brought under the control of the command server using downloaded programs and used as needed. In addition, personal data of the owners such as contact or bank details was siphoned off. The affected Windows computers were distributed around the world; around 200,000 computers were affected in the USA alone. On the site “Have I Been Pwned” you can check whether your data has been stolen. According to the FBI, Qakbot’s victims are already part of this constantly updated database of hacking victims.

The owners of the attacking computers were usually not aware of this. The computers were infected with malware via phsishing campaigns, then brought under the control of the command server using downloaded programs and used as needed. In addition, personal data of the owners such as contact or bank details are dusted off. The affected Windows computers were distributed around the world, around 200,000 computers were affected in the USA alone. under the side “Have I been pwned” you can check whether your data has been stolen. According to the FBI, Qakbot’s victims are already part of the constantly updated database for hacker victims.

Attack from within

After lengthy investigations, experts from the police authorities managed to infiltrate the structure of the botnet, which is divided into three hierarchical levels, and identify the main control servers. According to the BKA, servers were also seized in Germany. With access to the control server, the botnet was finally used against itself: the authorities removed the malware installers and thus threw the computers out of the network.

However, the investigations are still not complete. So far, the authorities have not revealed any details about the people behind the network. In IT security circles, a trail to Russia or other Eastern European countries is suspected.

Duck Hunt is not the first action in which investigative authorities have used classic hacking methods to clean infected computers. In April 2021, the FBI accessed the servers of victims of the Chinese group Hafnium via the same security holes the attackers had used. You can find out more about that unusual campaign here.

Sources: FBI, BKA, AP, Bleeping Computer
