cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Qakbot botnet disrupted by FBI in international cyber sting

A multinational cyber sting has seen the infamous Qakbot malware dismantled.

user icon Daniel Croft
Wed, 30 Aug 2023
Qakbot botnet disrupted by FBI in international cyber sting
expand image

Qakbot is a banking Trojan first discovered in 2008 designed to steal sensitive information through a number of means including remote access, keystroke tracking, and more.

Computers infected with Qakbot join a malware network of compromised devices in which threat actors are then able to remotely control all of them, without the device owners knowing.

Qakbot was distributed through compromised links in phishing emails, which once clicked on, would install it alongside other malware.


The FBI, along with international security agencies in the US, France, Germany, the Netherlands, Romania, Latvia, and the UK, launched a major cyber takedown on Qakbot, dismantling the botnet.

The FBI neutralised this far-reaching criminal supply chain, cutting it off at the knees," said Christopher Wray, FBI Director.

The victims ranged from financial institutions on the east coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the west coast.”

Law enforcement seized over US$8.6 million in illegal profits and detected over 700,000 infected devices.

“Cyber criminals who rely on malware like Qakbot to steal private data from innocent victims have been reminded today that they do not operate outside the bounds of the law,” Attorney General Merrick B Garland said.

“Together with our international partners, the Justice Department has hacked Qakbot’s infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds.”

The malware was used by a number of major cyber criminal organisations. According to information provided to Cyber Security Connect by Secureworks, the GOLD LAGOON threat group has earned an approximate US$58 million in profits through the use of the malware.

“Qakbot was the botnet of choice for some of the most infamous ransomware gangs, but we have now taken it out,” said US Attorney Martin Estrada for the Central District of California.

The FBI said it was able to disrupt the botnet’s activities by redirecting Qakbot traffic to FBI controlled servers, which then instructed infected devices to download a file that uninstalled the malware.

All of this was made possible by the dedicated work of FBI Los Angeles, our cyber division at FBI Headquarters, and our partners, both here at home and overseas,” added Wray.

The cyber threat facing our nation is growing more dangerous and complex every day. But our success proves that our own network and our own capabilities are more powerful.”

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.