Risky Bulletin Newsletter
August 30, 2023
Risky Biz News: FBI takes down and mass-uninstalls Qakbot botnet
The FBI has seized server infrastructure that hosted the Qakbot botnet and mass-uninstalled the malware from infected systems.
Also known as Qbot and Pinkslipbot, the botnet has been active since 2008. It initially launched as a banking trojan but changed to operating as a "loader" in the mid-2010s, infecting systems via malspam campaigns and then selling access to infected systems to other cybercrime groups.
Over the past three years, Qakbot has served as an initial entry point for many ransomware attacks. Groups that have worked with Qakbot include the likes of Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.