{
	"id": "50773641-438f-43eb-96e5-c9862a9c0c66",
	"created_at": "2026-04-06T00:22:36.353894Z",
	"updated_at": "2026-04-10T03:21:28.353132Z",
	"deleted_at": null,
	"sha1_hash": "d8242e2a5f586b4f67c1dd442c3d28deb0cd7b94",
	"title": "FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown | Federal Bureau of Investigation",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39372,
	"plain_text": "FBI, Partners Dismantle Qakbot Infrastructure in Multinational\r\nCyber Takedown | Federal Bureau of Investigation\r\nArchived: 2026-04-05 16:13:19 UTC\r\nFBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown\r\nOperation marks one of the largest-ever U.S.-led enforcement actions against a botnet\r\nOn August 29, the FBI and the Justice Department announced a multinational operation to disrupt and dismantle\r\nthe malware and botnet known as Qakbot.   \r\n The action, which took place in the U.S., France, Germany, the Netherlands, Romania, Latvia, and the United\r\nKingdom, represents one of the largest U.S.-led disruptions of a botnet infrastructure used by cybercriminals to\r\ncommit ransomware, financial fraud, and other cyber-enabled criminal activity.  \r\n \"The FBI neutralized this far-reaching criminal supply chain, cutting it off at the knees,\" said FBI Director\r\nChristopher Wray. \"The victims ranged from financial institutions on the East Coast to a critical infrastructure\r\ngovernment contractor in the Midwest to a medical device manufacturer on the West Coast.\"\r\nBotnet Attack, illustration\r\n“The FBI neutralized this far-reaching criminal supply chain, cutting it off\r\nat the knees.”\r\nFBI Director Christopher Wray\r\nHow the Malware Worked \r\n The Qakbot malware infected victim computers primarily through spam emails that contained malicious\r\nattachments or links.  \r\n After a user downloaded or clicked the content, Qakbot delivered additional malware—including ransomware—\r\nto their computer. The computer also became part of a botnet (a network of compromised computers) and could be\r\ncontrolled remotely by botnet users. All the while, a Qakbot victim was typically unaware that their computer\r\nhad been infected. \r\n Since its creation in 2008, Qakbot malware has been used in ransomware attacks and other cybercrimes that\r\ncaused hundreds of millions of dollars in losses to individuals and businesses in the U.S. and abroad. \r\n\"This botnet provided cybercriminals like these with a command-and-control infrastructure consisting of hundreds\r\nof thousands of computers used to carry out attacks against individuals and businesses all around the globe,\" Wray\r\nsaid. \r\nhttps://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown\r\nPage 1 of 2\n\nDisrupting the Duck \r\n As part of the operation, the FBI gained lawful access to Qakbot’s infrastructure and identified over 700,000\r\ninfected computers worldwide—including more than 200,000 in the U.S.  \r\n To disrupt the botnet, the FBI redirected Qakbot traffic to Bureau-controlled servers that instructed infected\r\ncomputers to download an uninstaller file. This uninstaller—created to remove the Qakbot malware—\r\nuntethered infected computers from the botnet and prevented the installation of any additional malware. \r\n \"All of this was made possible by the dedicated work of FBI Los Angeles, our Cyber Division at FBI\r\nHeadquarters, and our partners, both here at home and overseas,\" said Wray. \"The cyber threat facing our nation is\r\ngrowing more dangerous and complex every day. But our success proves that our own network and our own\r\ncapabilities are more powerful.\"\r\nSource: https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown\r\nhttps://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"references": [
		"https://www.fbi.gov/news/stories/fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown"
	],
	"report_names": [
		"fbi-partners-dismantle-qakbot-infrastructure-in-multinational-cyber-takedown"
	],
	"threat_actors": [],
	"ts_created_at": 1775434956,
	"ts_updated_at": 1775791288,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d8242e2a5f586b4f67c1dd442c3d28deb0cd7b94.pdf",
		"text": "https://archive.orkl.eu/d8242e2a5f586b4f67c1dd442c3d28deb0cd7b94.txt",
		"img": "https://archive.orkl.eu/d8242e2a5f586b4f67c1dd442c3d28deb0cd7b94.jpg"
	}
}