The FBI’s recent takedown of the QakBot botnet sent shockwaves throughout the cybersecurity community when it was first announced last week. QakBot had become the malware of choice for dozens of hacking groups and ransomware outfits that used it to set the table for devastating attacks.
Since emerging in 2007 as a tool used to attack banks, the malware evolved into one of the most commonly-seen strains in the world, luring an ever-increasing number of machines into its powerful web of compromised devices. Justice Department officials said their access to the botnet’s control panel revealed it was harnessing the power of more than 700,000 machines, including over 200,000 in the U.S. alone.
But almost as interesting as the takedown was the way law enforcement agencies pulled off the disruption.
Senior FBI and Justice Department officials — who called it “the most significant technological and financial operation ever led by the Department of Justice against a botnet” — explained in a briefing that they managed to infiltrate the botnet’s infrastructure and take a range of actions to shut it down.