(Bloomberg) — The FBI said Tuesday that it has taken down a network of hacked devices responsible for extorting tens of millions of dollars from victims around the world.
US officials described the network known as Qakbot as one of the most notorious “botnets” in the world, referring to computer networks that have been infected with malicious software so that they can be controlled remotely without the owner’s knowledge — often to send phishing emails. These emails can in turn be used to hack into victims’ computer systems, which attackers will hold for ransom.
Qakbot was instrumental in enabling cyberattacks against businesses and critical services around the world, according to US officials, including hits on the San Bernardino County Sheriff’s Department and hospitals run by Prospect Medical Group. The latter resulted in the closure of emergency rooms and medical facilities across the US.
“The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,” US Federal Bureau of Investigation Director Christopher Wray said in a statement. “The victims ranged from financial institutions on the East Coast to a critical infrastructure government contractor in the Midwest to a medical device manufacturer on the West Coast.”
US officials estimated that, since its creation in 2008, Qakbot had infected around 200,000 computers in the US and 700,000 globally.
“Qakbot is a long-standing operation spanning more than a decade that has adapted and evolved with the times — initially focused on traditional banking fraud and later pivoting its focus to act as a foothold to support ransomware intrusions,” said Kimberly Goody, a senior manager at the Google-owned cybersecurity firm Mandiant.
Goody warned that take-downs don’t always result in total disruption of the bad actors behind these botnets, and they may “pivot to underground communities” to find other ways in.
“Any impact to these operations is welcomed as it can cause fractures within the ecosystem and lead to disruptions that cause actors to forge other partnerships — even if it’s only temporary,” Goody said.
©2023 Bloomberg L.P.