International Operation Disrupts ‘Botnet’ Army Behind Damaging Cyberattacks
An international law-enforcement operation has dismantled a network of hundreds of thousands of computers that criminals used to launch cyberattacks against critical industries worldwide, U.S. authorities said Tuesday. Investigators in the U.S., U.K., France, Germany, the Netherlands, Romania and Latvia took aim at a notorious strain of malware known as Qakbot that had infected more than 700,000 computers, took control of them and enabled them to be leased out to criminal gangs to facilitate more cyberattacks.
Justice Department officials said the so-called botnet was used in ransomware attacks, financial and elder fraud, data theft, and more, and caused hundreds of millions of dollars in damage. Authorities said they had developed a tool that excised the malware from victim computers, and had seized nearly $9 million in stolen cryptocurrency related to use of Qakbot. The campaign, known as Operation Duck Hunt, “put an end to what has been described as one of the most devastating cybercriminal tools in history," Donald Alway, a senior official at the Federal Bureau of Investigation’s Los Angeles field office, told reporters.
Qakbot, which security researchers say has been around since at least 2007, has in recent years been used by ransomware gangs to gain entry into computer networks. Known as a “malware loader," Qakbot would help assailants breach a computer’s defenses and deploy other malware that engineered cyberattacks like ransomware. Qakbot is the most popular malware loader in use, accounting for 30% of cases involving a loader, according to U.S.-based cybersecurity firm ReliaQuest.
Read more on livemint.com
