HKCERT joins with Microsoft and law enforcement to disrupt the Citadel botnet

Release Date: 6 Jun 2013

HKCERT has joined an international collaborative action, codenamed Operation b54 and initiated by Microsoft and US law enforcement, to take down the Citadel family of botnets that are responsible for stealing online banking information and personal credentials for fraudulent purposes.


A botnet is a collection of compromised computers infected by malware planted by cybercriminals, who then take control of them.


In the present case, the Citadel malware has stolen over 500 million US dollars worldwide. It is spread via phishing emails or social network postings containing malicious hyperlinks, and via malware pretending to be software product key generators.


It disables the victim computers’ firewalls and blocks their access to security websites, thus preventing users from updating the security signatures needed to detect and remove the malware.


Operation b54 is a collaborative effort of financial institutions, technology companies, Internet service providers, law enforcement and computer emergency response teams (CERTs) around the world. The mission is to paralyze the infrastructure of the Citadel command and control centres, to locate the infected computers and to help rid them of the malware.


How to detect and remove Citadel Malware



HKCERT will update the public once more information is available.