Qakbot Resurfaces with Stealthier Tactics After FBI Takedown In August 2023, the FBI and international partners dismantled Qakbot (also known as Qbot), a notorious malware operation linked to over 700,000 global infections—including 200,000 in the U.S.—and $58 million in ransomware losses. Dubbed "Operation Duck Hunt," the crackdown seized 52 servers and $8.6 million in cryptocurrency, marking one of the Justice Department’s most significant botnet takedowns. However, the victory was short-lived. By November 2023, Qakbot resurfaced with a more deceptive strategy. Instead of traditional phishing, the group—allegedly led by Russian national Rustam Rafailevich Gallyamov—adopted "spam bomb attacks." These floods of unwanted subscription emails overwhelmed employees, after which attackers posed as IT staff, tricking victims into executing malicious code. Once inside, the malware enabled data theft, encryption, and ransomware deployment, often in collaboration with groups like REvil, Black Basta, and Conti. In April 2025, authorities seized an additional $700,000 and 30 bitcoins tied to Gallyamov, but he remains at large in Russia, beyond U.S. jurisdiction. The case underscores the resilience of cybercriminal operations, even after high-profile disruptions. Qakbot’s evolution highlights the persistent threat of malware-as-a-service models, where attackers continuously adapt to evade law enforcement.