A botnet refers to a group of internet-connected devices, which have been infected by a malware, and have come under the control of a malicious actor.
Botnet, which is a portmanteau from the words "robot" and "network," is often used for performing Distributed Denial-of-Service attacks (DDoS), steal data, send spam, and allow the attacker to access the device and its connection.
Using a command and control software, malicious actors are increasingly renting their botnets as commodities to hackers and alike.
And this time, the U.S. and its partners have successfully crippled one of the longest-standing botnet networks.
Through an FBI-led, multinational cyber takedown operation, they managed to dismantle the Qakbot infrastructure once and for all.
Today, #FBI Director Christopher Wray announced a Bureau-led operation that crippled a long-running botnet. Just in the past year, this botnet infected approximately 700,000 computers. Learn how the FBI restored control to victims: https://t.co/RVEwdGBFzu pic.twitter.com/yCXhK5pDtl
— FBI (@FBI) August 29, 2023
Qakbot, or Qbot, or Pinkslipbot, is a modular second-stage malware with backdoor capabilities, initially purposed as a credential stealer.
As a modular information stealer, Qakbot has been active for years since 2007, and has historically been known as a banking Trojan, meaning that one of its primary goals was to steal financial data from infected systems.
Beyond that, it's also a loader which uses its command and control center to deliver payloads on targets.
Qakbot, considered one of the top malware strains of 2021, is also classified as a worm, and remote access trojan (RAT).
What this means, not only can Qakbot steal sensitive data, because the malware is also able to self-propagate to other systems on the network.
Besides that, Qakbot also provides remote code execution (RCE) capabilities, allowing attackers to perform manual attacks to achieve secondary objectives such as scanning the compromised network or injecting ransomware.
Throughout its history, Qakbot has been used by notorious ransomware gangs, like REvil, ProLock, and Lockbit.
Qakbot was only discovered in 2008, and since then, the malware was experiencing constant updates.
The popularity of Qakbot peaked in 2020, when threat researchers noted that the release of a novel Qakbot strain resulted in a 465% increase in its year-over-year share of cyberattacks.
Usually, the malware infects victims through spam emails that contained malicious attachments or links, causing a total of hundreds of millions of dollars in losses to individuals and businesses in the U.S. and abroad.
Read: FBI Seizes Domain Responsible For Major Russian Botnet

According to the FBI in a website post:
And according to FBI Director Christopher Wray:
"The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast."
The FBI further explained that as part of the operation, the agency, which gained lawful access to Qakbot’s infrastructure, identified over 700,000 infected computers worldwide—including more than 200,000 in the U.S.
in addition, the agency also took over the control of $8.6 million in cryptocurrency from hackers that utilized the malware to commit ransomware, financial fraud and "other cyber-enabled criminal activity."
To disrupt the botnet's operation, the FBI redirected Qakbot traffic to its own controlled servers that instructed infected computers to download an uninstaller file, which would remove the malware from their system.
"All of this was made possible by the dedicated work of FBI Los Angeles, our Cyber Division at FBI Headquarters, and our partners, both here at home and overseas," said Wray. "The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful."
While the takedown would certainly disrupt many hackers' work, malicious actors could certainly built another, new malware infrastructure.
But putting everything together and amass such huge army of botnets would certainly take years.
In its own announcement, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that the FBI is "working closely with industry partners to share information about the malware to maximize detection, remediation, and prevention measures for network defenders."
Read: Authorities From 8 Countries Have Taken Down Emotet's Worldwide Botnet Operation













































































































































































































































































































































































