FBI takes down one of world's largest botnets with first-time strategy
The Federal Bureau of Investigation has disrupted and dismantled one of the largest botnets in operation as part of an international cybercrime investigation.
Driving the news: FBI Director Christopher Wray announced the bureau had infiltrated and redirected traffic flowing through servers belonging to the Qakbot botnet, which is believed to have allowed hackers to target financial institutions, government contractors and other critical infrastructure.
- The Justice Department also said Tuesday it had seized more than $8.6 million in cryptocurrency profits from Qakbot operations.
Why it matters: Malicious actors use botnets — networks of computers on which they've installed malware to gain control of each device — as a foothold to launch ransomware and other kinds of cyberattacks.
- Disrupting a botnet can stymie any attacks hackers had up their sleeves, leaving them to rebuild their operations.
What they're saying: "The botnet's infrastructure enabled the most prolific ransomware groups — groups like Conti and ProLock — to cause losses in the hundreds of millions to businesses around the world," Wray said in a video announcement.
Details: The FBI said it identified more than 700,000 computers worldwide that actors infected with the Qakbot malware, including more than 200,000 in the United States.
- The bureau infiltrated Qakbot's servers, redirected their traffic to bureau-controlled servers and downloaded a malware uninstaller file onto each infected device as part of the operation.
- The uninstaller also prevents the installation of any additional malware onto these devices, the bureau said.
- The disruption campaign took place on devices in the U.S., France, Germany, the Netherlands, Romania, Latvia, and the U.K.
The big picture: Qakbot's financial impact on businesses has been heavy. Between October 2021 and April 2023, the botnet's administrators had received roughly $58 million in ransoms paid by victims during attacks, according to the DOJ.
Between the lines: Wray noted that this is the first time the FBI has used this technique in its operations, and the bureau partnered with both private sector and international law enforcement on the takedowns.
- Before today's announcement, only the Pentagon's U.S. Cyber Command had carried out a botnet disruption of this kind.
Yes, but: Botnet disruptions don't last forever, and Qakbot's operators are expected to attempt to rebuild their networks.