From: lessgovt@gmail.com   
      
   International Operation Disrupts ‘Botnet’ Army Behind Damaging Cyberattacks   
   By Dustin Volz, Aug. 29, 2023, WSJ   
   WASHINGTON—An international law-enforcement operation has dismantled a   
   network of hundreds of thousands of computers that criminals used to launch   
   cyberattacks against critical industries worldwide, U.S. authorities said   
   Tuesday.   
      
   Investigators in the U.S., U.K., France, Germany, the Netherlands, Romania and   
   Latvia took aim at a notorious strain of malware known as Qakbot that had   
   infected more than 700,000 computers, took control of them and enabled them to   
   be leased out to    
   criminal gangs to facilitate more cyberattacks. Justice Department officials   
   said the so-called botnet was used in ransomware attacks, financial and elder   
   fraud, data theft, and more, and caused hundreds of millions of dollars in   
   damage. Authorities said    
   they had developed a tool that excised the malware from victim computers, and   
   had seized nearly $9 million in stolen cryptocurrency related to use of Qakbot.   
      
   The campaign, known as Operation Duck Hunt, “put an end to what has been   
   described as one of the most devastating cybercriminal tools in history,”   
   Donald Alway, a senior official at the Federal Bureau of Investigation’s Los   
   Angeles field office,    
   told reporters.   
      
   Qakbot, which security researchers say has been around since at least 2007,   
   has in recent years been used by ransomware gangs to gain entry into computer   
   networks. Known as a “malware loader,” Qakbot would help assailants breach   
   a computer’s    
   defenses and deploy other malware that engineered cyberattacks like   
   ransomware.    
      
   Qakbot is the most popular malware loader in use, accounting for 30% of cases   
   involving a loader, according to U.S.-based cybersecurity firm ReliaQuest.   
   Security firms have described Qakbot as among the longest-running and most   
   damaging botnets ever    
   assembled.   
      
   Officials declined on Tuesday to identify the gang responsible for Qakbot’s   
   initial deployment, saying the investigation is ongoing. Qakbot has been under   
   investigation by the FBI since at least 2011, an FBI official said.   
      
   U.S. officials did name several ransomware groups that have rented Qakbot to   
   support their extortion campaigns. Among them was Conti, a group linked to   
   Russia that security analysts describe as one of the most prolific and feared   
   cybercriminal groups in    
   the world, responsible for stealing hundreds of millions of dollars by   
   shutting down emergency rooms, city governments and public schools since 2018.   
      
   Operation Duck Hunt represents the latest in a string of campaigns by the   
   Federal Bureau of Investigation and Justice Department to disrupt cyberattacks   
   rather than merely arresting or indicting hackers. Senior officials have   
   likened the evolution, which    
   has been slowly building for years but has grown as a priority over the last   
   couple of years, as akin to the mission after the Sept. 11, 2001, attacks to   
   thwart terrorist plots before they occur.   
      
   “The FBI led a worldwide joint, sequenced operation that crippled one of the   
   longest-running cybercriminal botnets,” FBI Director Christopher Wray said   
   Tuesday. “With our federal and international partners, we will continue to   
   systematically target    
   every part of cybercriminal organizations, their facilitators, and their   
   money—including by disrupting and dismantling their ability to use illicit   
   infrastructure to attack us.”   
      
   Some security experts applauded the takedown but doubted it would have a   
   serious long-term impact on cybercrime.   
      
   “These groups will recover and they will be back,” said Sandra Joyce, vice   
   president of Mandiant Intelligence at Alphabet’s Google Cloud unit. “But   
   we have a moral obligation to disrupt these operations whenever possible.”   
      
   https://www.wsj.com/politics/national-security/international-ope   
   ation-disrupts-botnet-army-behind-damaging-cyberattacks-622275c2   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)