2023-08-29 20:26:15
Investigators were able to establish that the modus operandi was to deploy malware on computers. Once the machines were infected, the cybercriminals demanded ransoms in cryptocurrency.
Published on 08/29/2023 22:26
The section for the fight against organized cybercrime (Junalco) of the Paris public prosecutor’s office supervised the French part of the investigation. (Illustrative photo) (ANNETTE RIEDL / DPA)
The Qakbot malicious network (also called Qbot or Pinkslipbot) was dismantled on Saturday, August 26, thanks to an international operation involving France, franceinfo learned on Tuesday, August 29, via a press release from the Paris prosecutor’s office. The operation also resulted in the seizure of $8.6 million in cryptocurrencies.
Behind this international operation are the police and judicial authorities of the United States, Germany, the Netherlands and France. The prosecutor specifies that the section for the fight against organized cybercrime (Junalco) of the Paris prosecutor’s office supervised the French part.
700,000 computers infected worldwide
The modus operandi of the cybercriminals was to “deploy their Qakbot malware through cyber phishing [asking an individual for personal information via a legitimate-looking email, for example] on targeted computers”. Once this step was completed, the cybercriminals implanted malicious software, such as ransomware [ransom software], on the machines. All of the infected computers were then connected together in the form of a network (botnet) that “may be sold as such to other cybercriminals”. It was at that point that “these were able to demand ransoms in crypto-currencies, without the victims even being aware beforehand of being infected”.
In total, the investigators were able to establish that more than 700,000 machines in the world, including 26,000 in France, “have at one time or another been infected”. It should also be noted that six servers out of the 170 behind the “bot” were “on French territory”.
The Dutch police have put a site online where people can find out whether their machine is infected. “If your operator contacts you, it means that you have at some point been infected”. The prosecution specifies that the people who appear on these lists of victims can go to the site cybermalveillance.gouv.fr.