In a joint operation named “Duck Hunt,” the FBI, alongside law enforcement authorities from France, Germany, Latvia, the Netherlands, Romania, and the United Kingdom, successfully dismantled the Qakbot botnet, also known as Qbot or Pinkslipbot. This collaborative effort resulted in the seizure of nearly $9 million in cryptocurrency from the operators of the botnet, which served as crucial infrastructure for cybercriminals engaged in spreading ransomware, financial fraud, and various other criminal activities. Notably, no arrests were made during the operation.
According to the FBI’s official statement, the law enforcement agencies gained control of the Qakbot infrastructure, identifying over 700,000 infected computers. To dismantle the botnet, the FBI’s IT specialists redirected Qakbot traffic to their servers and subsequently instructed the bots to uninstall themselves.
![](https://www.deeponion.net/wp-content/uploads/2024/01/qakbot-1024x620.jpeg)
Qakbot primarily infected computers through spam emails, requiring recipients to open malicious attachments or click on links. Once activated, Qakbot would load additional malware, including ransomware, onto the compromised computers.
Numerous prominent ransomware groups, such as Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta, relied on Qakbot to establish initial access to their victims’ networks.
The FBI highlighted that unidentified individuals have been utilizing Qakbot in ransomware attacks and other criminal actions since 2008, resulting in hundreds of millions of dollars in damages to individuals and businesses globally. Investigations revealed that between October 2021 and April 2023, Qakbot administrators received fees linked to approximately $58 million in ransom payments.
Additionally, the Department of Justice (DOJ) successfully recovered more than 6.5 million stolen passwords and other credentials. This valuable information has been shared with two websites, namely Have I Been Pwned and the Check Your Hack website operated by the Dutch National Police, enabling users to check if their credentials were exposed in security breaches.