InfoBytes Blog
DOJ announces international malware action, recovers $8.6 million in illicit profits
On August 29, the DOJ announced a multinational operation involving the U.S., France, Germany, the Netherlands, the UK, Romania, and Latvia to “disrupt” a malware’s infrastructure called Qakbot. Attorney General Merrick B. Garland stated that, “[t]ogether with our international partners, the Justice Department has hacked Qakbot’s infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds. ” The main method by which the Qakbot malware spreads to target computers is via spam emails that contain harmful attachments or links. Upon successfully infecting a target computer, the DOJ mentioned that Qakbot gains the capability to introduce other types of malware, such as ransomware. Over the past few years, many ransomware collectives have used Qakbot as an initial avenue for initiating infections and has caused hundreds of millions of dollars in damages. The DOJ highlighted that “[t]he action represents the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.”