The FBI announced the successful takedown of QakBot, a botnet used by cybercriminals, and issued recommendations for mitigating cybersecurity risks.
The Federal Bureau of Investigations (FBI), amid one of the largest-ever U.S.-led enforcement actions against a botnet, announced the successful takedown of QakBot, the botnet infrastructure used by cybercriminals for ransomware, financial fraud and other criminal activity.
QakBot – also known as Qbot, Quackbot, Pinkslipbot and TA570 – infects victim computers via spam emails that contain malicious attachments or links.
In a joint advisory, the Cybersecurity and Infrastructure Security Agency and FBI are urging organizations to follow recommended mitigation measures that can reduce the likelihood of QakBot-related activity and help quickly identify QakBot-facilitated ransomware and malware infections.
On August 25, FBI and international partners executed a coordinated operation to disrupt QakBot infrastructure worldwide. Disruption operations targeting QakBot infrastructure resulted in the botnet takeover, which severed the connection between victim computers and QakBot command and control (C2) servers. The FBI is working closely with industry partners to share information about the malware to maximize detection, remediation, and prevention measures for network defenders.
CISA and FBI encourage organizations to implement the recommendations in the “Mitigations” section to reduce the likelihood of QakBot-related activity and promote identification of QakBot-facilitated ransomware and malware infections.