Major Multinational Operation Dismantles Global Malware Network: Eurojust’s Integral Role in Taking Down Qakbot

Major Multinational Operation Dismantles Global Malware Network: Eurojust’s Integral Role in Taking Down Qakbot

(IN BRIEF) A global operation led by the US has successfully taken down the ‘Qakbot’ malware network that infected 700,000 computers and caused massive financial damage. Collaborating with countries like France, Germany, and the UK, the initiative disrupted cybercrime. Eurojust and Europol played key roles in cross-border cooperation. Cryptocurrency worth $8.6 million was seized, revealing Qakbot’s involvement in ransomware attacks. Compromised credentials were identified, shared by the FBI and Dutch Police. Multiple nations joined forces in this investigation. 

(PRESS RELEASE) THE HAGUE, 30-Aug-2023 — /EuropaWire/ — In a sweeping multinational effort, the United States has spearheaded an international operation to dismantle the far-reaching ‘Qakbot’ malware and botnet infrastructure. This collaborative endeavor, involving authorities from the United States, France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia, marks a pivotal step in thwarting cybercrime on a massive scale. The Qakbot malware, which infected over 700,000 computers worldwide, facilitated ransomware attacks and inflicted extensive financial damages, amounting to hundreds of millions of dollars.

The operation, which heralds one of the most significant financial and technical disruptions of a criminal botnet infrastructure, was reinforced by Eurojust and Europol. These key entities played an instrumental role in fostering cross-border coordination during the action.

The operation yielded substantial results, with US authorities seizing roughly USD 8.6 million (equivalent to nearly EUR 8 million) in cryptocurrency. Eurojust’s and Europol’s support was instrumental in navigating the complexities of this investigation, enabling seamless international cooperation.

Qakbot, also known as ‘Qbot’ and ‘Pinkslipbot’, among other aliases, was managed by a criminal network and utilized by other cybercriminals to target critical sectors across the globe. The malware infiltrated victim computers primarily through malicious email attachments or hyperlinks.

Once ensnared, Qakbot could deploy additional malware, including ransomware. These compromised computers formed a botnet, allowing remote control in a coordinated manner, unbeknownst to the computer owners.

This botnet was lucratively offered to cybercriminals for a fee, and Qakbot served as an initial avenue for infection by several prominent ransomware groups in recent years. The extensive damage wrought by Qakbot extended across businesses, healthcare providers, and government entities worldwide.

Eurojust’s pivotal role in international collaboration against cybercriminal organizations was clearly manifested in this operation. The agency facilitated cross-border judicial cooperation among the involved national authorities, strategically orchestrating evidence sharing and preparations.

Europol, in turn, facilitated information exchange, operational coordination, and financial support for operational meetings. Their analytical expertise was indispensable in linking available data to various criminal cases within and outside the European Union.

The operation’s outcomes have been significant. The FBI and the Dutch National Police have identified numerous compromised account credentials attributed to the Qakbot organization. The FBI has shared these credentials with the ‘Have I Been Pwned?‘ website, enabling individuals to swiftly determine if their access credentials have been compromised.

Additionally, the Dutch National Police has established a portal for potential victims to verify if their digital identity has been pilfered. Those concerned can visit politie.nl/checkyourhack and input their email addresses for confirmation.

This groundbreaking investigation was carried out by the following authorities:

France: National Jurisdiction against Organised Crime (JUNALCO), Public Prosecutor’s Office Cybercrime Unit; National Police Cybercrime Unit (DCPJ – OCLCTIC); National Cybersecurity Agency of France (ANSSI)
Germany: Prosecutor General’s Office Frankfurt am Main – Cyber Crime Center; Federal Criminal Police Office (Bundeskriminalamt)
Latvia: State Police of Latvia
The Netherlands: National Public Prosecutors’ Office; National Police, Team High Tech Crime
Romania: Directorate for Investigating Organized Crime and Terrorism and the Romanian National Police – Directorate for Combatting Organized Crime
United Kingdom: National Crime Agency
United States: United States Attorney’s Office for the Central District of California; U.S. Department of Justice Computer Crime and Intellectual Property Section (CCIPS); and the FBI’s Los Angeles Field Office

For additional information and resources, including support for victims, please visit this justice.gov webpage, which will be regularly updated with new information and resources.

Media contacts:

Eurojust Press Team
Phone: + 31 70 412 55 00
media@eurojust.europa.eu

SOURCE: Eurojust