FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown August 29, 2023 https://www.fbi.gov/news/stories/fb...nfrastructure-in-multinational-cyber-takedown
Secureworks have some technical analysis about what happened. August 29, 2023 https://www.secureworks.com/blog/law-enforcement-takes-down-qakbot Read more there.
Interesting stuff, this was a major blow to this hacker group. I do wonder how they managed to take over the servers; was it perhaps by infecting a hacker's PC? Now that would have been funny. But I can understand that the FBI won't make this public of course. https://www.infosecurity-magazine.com/news/fbi-operation-duck-hunt-qakbot/
Explained in this article: https://www.bleepingcomputer.com/ne...ked-qakbot-malware-from-infected-windows-pcs/ . Scroll down to the section "How the FBI uninstalled Qakbot".
Interesting article by Lawrence. It too mentions Secureworks. And it gives links to two sites where people might want to check whether they are probably infected. There is also an interesting article at The Register: https://www.theregister.com/2023/08/29/duck_hunt_qakbot/ It gives links to three US Court Orders (pdf) that allowed this to happen. That is also very interesting. There might be some interesting discussions about what this might mean for the future. Time will tell if, when and how this ugly Qakbot malware will resurrect ... And finally: will all AVs be able to detect and clean this now?
OK thanks, so it's not completely clear but it seems like they did indeed manage to infect one of the hacker's machines, quite funny. So they got a taste of their own medicine LOL.