惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
L
LangChain Blog
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
Google DeepMind News
Google DeepMind News
F
Full Disclosure
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
The Register - Security
The Register - Security
G
Google Developers Blog
C
Check Point Blog
GbyAI
GbyAI
A
About on SuperTechFans
V
Vulnerabilities – Threatpost
T
The Blog of Author Tim Ferriss
T
Tor Project blog
AWS News Blog
AWS News Blog
Cyberwarzone
Cyberwarzone
C
CERT Recently Published Vulnerability Notes
MongoDB | Blog
MongoDB | Blog
Latest news
Latest news
aimingoo的专栏
aimingoo的专栏
U
Unit 42
Y
Y Combinator Blog
P
Privacy International News Feed
Cisco Talos Blog
Cisco Talos Blog
S
Securelist
S
Schneier on Security
雷峰网
雷峰网
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
P
Proofpoint News Feed
C
Cisco Blogs
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
Google Online Security Blog
Google Online Security Blog
月光博客
月光博客
P
Privacy & Cybersecurity Law Blog
Security Archives - TechRepublic
Security Archives - TechRepublic
罗磊的独立博客
Cloudbric
Cloudbric
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Hacker News: Ask HN
Hacker News: Ask HN
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - 司徒正美
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Microsoft Security Blog
Microsoft Security Blog

Threat Intelligence Blog | Flashpoint

Understanding Illicit Ecosystems: How Dark Web Forums Structure Cybercrime AI, Trust, and the Future of Threat Intelligence Remus Stealer: A New, Not-So-New Infostealer America250 Fourth of July Threat Assessment Unmasking the Digital Trail: Essential Techniques for Vetting AI-Generated Content The Shift to Threat-Informed Prioritization: Operationalizing CISA BOD 26-04 Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure Connecting Vulnerability Intelligence to Real-World Exposure With Flashpoint EASM Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground How to Align and Measure Threat Intelligence Operations: Flashpoint Priority Intelligence Requirements The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation Understanding Illicit Ecosystems: The Hybrid Threat of “The Com” AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities How Mergers and Acquisitions Expand Your Attack Surface Overnight The Evolution of the Geotag: How AI is Bridging the Gap in Location-Based OSINT Navigating the Threat Landscape of the 2026 FIFA World Cup Inside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities Flashpoint MCP Server: Operationalizing Cyber Threat Data for Agentic AI Security Workflows 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders Escalation in the Middle East: Tracking “Operation Epic Fury” Across Military and Cyber Domains How to Build and Operationalize Priority Intelligence Requirements National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges Flashpoint Surpasses Cataloging 7,000 Known Exploited Vulnerabilities as Disclosure Volume Accelerates Why Intelligence Requirements Fall Flat and How to Fix Them with a Practical Priority Intelligence Requirements Framework The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online What the NVD ‘Slowdown’ Means For You: How to Stay Ahead in Vulnerability Management Forrester Threat Intelligence Landscape: Key Takeaways for Security Leaders Connecting Threat Intelligence to Decision-Making: How Flashpoint Is Operationalizing Intelligence in 2026 Iran-Aligned Militias Signal Expanded Regional Risk Amid US–Israel–Iran Conflict Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks Navigating 2026’s Converged Threats: Insights from Flashpoint’s Global Threat Intelligence Report What to Know About the Notepad++ Supply-Chain Attack Cyber Threat Intelligence Index: Q3 2023 Edition Beyond Hamas: Militant and Terrorist Groups Involved in the October 7 Attack on Israel The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram About Us Unmasking the Attacker and Decoding Threat Actor Patterns The Flashpoint Firehose: 5 Questions With Michael Raypold, VP of Engineering The Seven Phases of a Ransomware Attack: A Step-by-Step Breakdown of the Attack Lifecycle Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism Lessons From Clop: Combating Ransomware and Cyber Extortion Events How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss Beyond Gates and Alarms: The Scope and Impact of Physical Security Intelligence Why We Built Flashpoint Ignite: Unity, Power, and Performance The Risk-Reducing Power of Flashpoint Video Search Card Shop Threat Landscape: BidenCash Dumps 2.1M Stolen Credit Cards Flashpoint in 2023: A Note From Our CEO 5 Reasons Taiwan Is a Growing Source of US-China Tension Why We Acquired Echosec Systems: The OSINT Revolution Open Source Intelligence
Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware
Ian Gray · 2023-08-31 · via Threat Intelligence Blog | Flashpoint

Qakbot takedown and seizure

A global law enforcement operation has successfully disrupted the infrastructure of the Qakbot botnet, striking a major—though likely temporary—blow to a dominant player in the cybercriminal underground supply chain. 

Qakbot, familiarly Qbot, has been a major cyber threat since 2007, infecting victims’ computers to steal financial information and distribute additional malware payloads like ransomware. As a result of the takedown, more than 700,000 infected devices worldwide were identified and cleaned of the malware. The DOJ also announced the seizure of $8.6M in cryptocurrency in illicit profits.

While there is no doubt that the Qakbot takedown is a major win in the fight against cybercrime, it may only provide short-term relief in the fight against a notoriously resilient cybercriminal ecosystem.

‘Swiss Army knife’

A Swiss Army knife of cybercrime tools, Qakbot was a complex malware that opened remote access to victims’ systems, stole credentials and financial information, and downloaded additional malware payloads. Its modular architecture enabled frequent updates to add new capabilities over its 15+ years of operation.

“The collaborative endeavors of these authoritative bodies exemplify the power of a comprehensive, multi-agency approach, designed to maximize its impact..”

Ian Gray, VP Of Intelligence

Qakbot has been a versatile workhorse for cybercriminals. Its banking trojan functionality has been used to pilfer payment information and intercept financial transactions. As a loader, it distributed ransomware such as ProLock to extort victims.

Qakbot has also powered large-scale spam email campaigns and brute force attacks. Its worm-like spreading kept it entrenched in infected networks. By providing the backdoor access and distribution channel for other malware, Qakbot played a key supporting role in the cybercrime ecosystem. Botnets like Emotet and TrickBot operated similarly, loading additional threats onto compromised systems. These jack-of-all-trades botnets have proven lucrative for their criminal operators.

A history of temporary relief

Prior botnet takedowns like Emotet and TrickBot have shown that sophisticated malware operations can often rebuild infrastructure and return from disruptions in new forms.

In the case of Emotet, the botnet came back online in 2022 using new techniques after its infrastructure was dismantled in 2021. TrickBot also persisted despite takedown attempts and remains an active threat. This resiliency highlights the challenges law enforcement faces in permanently eliminating cyber threats.

While takedowns temporarily degrade capabilities, dedicated cybercriminal groups adapt to avoid further disruption. New malware families also inevitably emerge to fill the gaps left by larger takedowns. For example, BazarLoader and ZLoader rose to prominence as loader malware after the Emotet takedown.

Yet despite their disruptions, resilient botnets often return and new ones emerge. After prior actions against Emotet and TrickBot, the lingering demand in underground markets brought them back in adapted new forms. Bots remain attractive tools for cybercriminals thanks to their versatility, automation, and money generating potential.

While Qakbot’s infrastructure was disrupted, its operators may attempt to rebuild or evolve their techniques. Sustained pressure on botnet financial flows, developer communities, and other aspects of the cybercrime supply chain is needed to deter future attacks. For now, the coordinated Qakbot takedown bought time and degraded the capabilities of a dominant cybercrime player.

The fight against cybercrime must be persistent and comprehensive

The Qakbot takedown was effectively coordinated among global governments, including France, Germany, Latvia, Romania, the Netherlands, the UK, and the US, as well as the private sector. The collaborative endeavors of these authoritative bodies exemplify the power of a comprehensive, multi-agency approach, designed to maximize its impact.

Law enforcement and the private sector should to continue coordinating takedowns while also focusing on detecting new malware variants early, disrupting communication channels, and following the money trails of criminal enterprises.

Cyber hygiene and threat awareness across organizations must also improve to reduce vulnerability to malware infections, including loaders and trojans that distribute threats like Qakbot. Technical controls like endpoint detection, network monitoring, and patching are also key.

Ultimately, defeating cybercrime requires comprehensive strategy across law enforcement operations, cybersecurity practices, and international collaboration. The Qakbot takedown represents meaningful progress, but the world must remain vigilant against an adaptable threat landscape.

Get Flashpoint on your side

Flashpoint Ignite enables organizations to proactively identify and mitigate cyber and physical risk that could imperil people, places, and assets. To unlock the power of great threat intelligence, get started with a free Flashpoint trial.