Qakbot Infrastructure Takedown, UNC4841 Exploits Barracuda Zero-Day

tap 17 - 2023

The FBI Dismantled QakBot Infrastructure

QakBot — also known as Qbot, Quackbot and Pinkslipbot — is responsible for thousands of malware infections globally. QakBot has provided initial access to more than 700,000 computers around the world, leading to ransomware attacks and the compromise of financial sector user accounts.

On August 25, 2023, the FBI (Federal Bureau of Investigation) and international partners executed a coordinated operation to disrupt QakBot infrastructure worldwide. The disruption operations resulted in a takeover of the botnet, which severed the connection between victim computers and QakBot command and control (C2) servers. [1]

EclecticIQ analysts assess with moderate confidence that following the operation, a short-term decline in QakBot infection rates is almost certain. In the intermediate term, it is probable that QakBot developers will enhance their C2 communication security and resume their activities. Analysts saw a similar case when Emotet’s infrastructure was disrupted by a coordinated global law enforcement takedown in January 2021. Emotet reemerged 10 months later and has resumed campaigns. [2]

