General Overview

The FBI announced that it has dismantled a global network of compromised computer devices responsible for extorting millions worldwide. Known as “Qakbot,” this network is among the world’s most infamous “botnets,” remote-controlled computer networks used to launch phishing attacks. These attacks serve as a gateway to introduce ransomware into victims’ systems.

Qakbot played a pivotal role in cyberattacks against various entities both globally and in the United States since it became operational in 2008. In the U.S. alone, Qakbot has been responsible for breaches of East Coast financial institutions, a Midwest government contractor, a West Coast medical device manufacturer, the San Bernardino County Sheriff’s Department, and Prospect Medical Group. This hospital-based attack resulted in emergency room closures across the United States.

U.S. officials estimated that in its decade-plus of operation, Qakbot infected approximately 200,000 U.S. computers and 700,000 worldwide, making the takedown of this network a significant victory in the ongoing battle against cyber threats.¹


At the same time, a number of incidents underscored the persistent threat posed by state-sponsored actors in cyberattacks targeting critical infrastructure and businesses.

Polish intelligence is probing a cyberattack on the nation’s railways that disrupted traffic in the northwest. Hackers infiltrated railway frequencies, causing trains in the region to stop abruptly. The signals carried Russia’s national anthem and a speech by Vladimir Putin. Poland’s significance as a transit corridor for Western weapons destined for Ukraine adds geopolitical context to the attack.²

Meanwhile, the notorious Russian ransomware group, LockBit, threatened a dark web leak of internal data from The Weather Network’s parent company after crippling the Canadian firm’s operations. The incident disrupted services for users of apps for the Weather Network, French-language MétéoMédia, and El Tiempo, based in Spain. The hack even impacted the ability of newspapers like The Globe and Mail to publish weather forecasts for several days.³

And U.S. and Japanese authorities cautioned about state-sponsored hackers linked to China manipulating router software to target government, technology, telecommunications, and defence in various nations. The group, known as BlackTech, infiltrates international subsidiaries’ networks to gain undetected access to U.S. and Japanese company headquarters. BlackTech employs various techniques to remain hidden, including utilizing legitimate tools within the victim’s environment (known as “living off the land”).⁴

Company Specific Updates

CrowdStrike Holdings, Inc

CrowdStrike has unveiled the AWS & CrowdStrike Cybersecurity Startup Accelerator, to nurture disruptive cybersecurity startups across Europe, the Middle East, and Africa (EMEA). This accelerator program seeks to empower the next generation of cybersecurity innovators in these regions.

Source: Crowdstrike

Selected startups will benefit from a tailored support system, including mentorship, technical guidance, and valuable partnership prospects. These resources will be made available through the AWS Startup Loft Accelerator program.

Moreover, promising early-stage cybersecurity ventures stand to gain financial backing from the CrowdStrike Falcon Fund, an influential cross-stage investment fund in the cybersecurity domain. Its overarching objective is cultivating a network of future security leaders united by a shared mission and allowing CrowdStrike clients to harness cutting-edge third-party capabilities.⁵

Netcompany Group A/S

Netcompany has initiated a strategic partnership by acquiring a 20% stake in Festina Finance, a prominent FinTech company based in Denmark. Festina Finance specializes in cutting-edge software solutions for the Life and Pension industry, primarily serving clients in Denmark and the Netherlands. This partnership will expand Festina Finance’s market reach and significantly enhance Netcompany’s offerings within the financial technology space.


Festina Finance’s advanced software is widely used for advisory purposes by over 20 member banks in Denmark and several building societies in the U.K. With this investment, Netcompany aims to broaden its expertise in the financial services industry, including insurance, life pension, and banking, aligning with its strategic goals for increased presence in this sector. Additionally, Netcompany’s expertise in cybersecurity will bolster customer confidence in Festina Finance’s large-scale IT projects.⁶

CYBR ETF: Diversified Investing in Cybersecurity

A cybersecurity ETF offers a great alternative to gaining exposure to this industry without being locked into any single security, and without the hassle of hand-picking individual stocks. ETFs allow you to diversify by investing in multiple companies in multiple markets, ensuring that a single market shock won’t tank your portfolio.

Canada’s first cybersecurity ETF, Evolve Cyber Security Index Fund (TSX Ticker: CYBR), invests in global companies involved in the cyber security industry. For more information, visit the fund page here:

Portfolio Strategy and Activity 

For the month, Darktrace PLC made the largest contribution to the Fund, followed by CrowdStrike Holdings, Inc and Netcompany Group A/S. The largest detractors to performance for the month were Trend Micro Inc, followed by BlackBerry Ltd and NEXTDC Ltd.



  1. Murphy, M., “FBI Dismantles a Malware System That Took Millions in Ransom,” Bloomberg, August 29, 2023;
  2. “Poland investigates cyber-attack on rail network,” BBC News, August 26, 2023;
  3. Durrani, T., “Russian ransomware LockBit threatens to leak internal data from The Weather Network on dark web,” The Globe and Mail, September 22, 2023;
  4. Tarabay, J. & Manson, K., “US, Japan Warn of China-Linked Hackers Hiding in Router Software,” Bloomberg, September 27, 2023;
  5. “CrowdStrike Launches Startup Accelerator with AWS to Support Next Generation of Cloud-Native Cybersecurity Companies,” Yahoo Finance, September 27, 2023;
  6. “Netcompany acquires a 20% stake in leading FinTech company to form a strategic partnership,” Netcompany, September 7, 2023;
The contents of this blog are not to be used or construed as investment advice or as an endorsement or recommendation of any entity or security discussed. These contents are not an offer or solicitation of an offer or a recommendation to buy or sell any securities or financial instrument, nor shall it be deemed to provide investment, tax or accounting advice. The information contained herein is intended for informational purposes only.
Commissions, management fees and expenses all may be associated with exchange traded funds (ETFs) and mutual funds (funds). Please read the prospectus before investing. ETFs and mutual funds are not guaranteed, their values change frequently, and past performance may not be repeated. There are risks involved with investing in ETFs and mutual funds. Please read the prospectus for a complete description of risks relevant to ETFs and mutual funds. Investors may incur customary brokerage commissions in buying or selling ETF and mutual fund units.
Certain statements contained in this blog may constitute forward-looking information within the meaning of Canadian securities laws. Forward-looking information may relate to a future outlook and anticipated distributions, events or results and may include statements regarding future financial performance. In some cases, forward-looking information can be identified by terms such as “may”, “will”, “should”, “expect”, “anticipate”, “believe”, “intend” or other similar expressions concerning matters that are not historical facts. Actual results may vary from such forward-looking information. Evolve Funds undertakes no obligation to update publicly or otherwise revise any forward-looking statement whether as a result of new information, future events or other such factors which affect this information, except as required by law.

Tags botnet  ChatGPT  Crowdstrike  cyberattack  cybersecurity  CYBR etf  data centers  Hackers  lockbit  netcompany  Palo Alto Networks  qakbot  ransomware  tech