2025-01-17 16:36:15 Pacfic
DOJ Removes China's PlugX Malware from US Computers - 1d
The U.S. Department of Justice, working with the FBI, has successfully removed the PlugX malware from over 4,250 infected computers within the United States. This multi-month operation targeted the command and control infrastructure used by hackers linked to the People's Republic of China (PRC). PlugX, a remote access trojan (RAT), has been used by the group known as Mustang Panda, or Twill Typhoon, since 2014, to infiltrate systems and steal information from victims across the U.S., Europe, and Asia, as well as Chinese dissident groups. The Justice Department obtained court orders to authorize the operation and eliminate the malware, which is known for its capability to remotely control and extract information from compromised devices. This action aimed to disrupt the ability of state-sponsored cyber threat actors from further malicious activities on affected networks.
The removal of PlugX involved a self-delete command that was developed by French cybersecurity firm Sekoia. The FBI tested the method before deploying it. This command deleted the malware from infected computers without impacting their legitimate functions or collecting any further content. The operation was conducted in partnership with French law enforcement, which also identified a botnet of infected devices in its own investigation. This international cooperation highlights the ongoing efforts to counteract nation-state cyber threats and protect U.S. cybersecurity. The owners of the affected devices have been notified of the actions through their internet service providers.
ImgSrc: cms.therecord.media
References:
- ciso2ciso.com - FBI Wraps Up Eradication Effort of Chinese ‘PlugX’ Malware - 1d
- Threats | CyberScoop - Law enforcement action deletes PlugX malware from thousands of machines - 1d
- The Hacker News - FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation - 1d
- therecord.media - The Record reports DOJ deletes China-linked PlugX malware. - 1d
- Privacy Guides Community - Latest topics - FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation - 1d
- Vulnerability Archives ? Cybersecurity News - “PlugX” Malware Deleted from Thousands of Computers in Global Operation - 1d
- www.justice.gov - Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers - 1d
- SCM feed for Threat Management - Widespread PlugX malware compromise eradicated in law enforcement operation - 1d
- Security Archives - Security Affairs - FBI deleted China-linked PlugX malware from over 4,200 US computers - 1d
- CyberInsider - FBI Neutralizes PlugX Malware on 4,200 Computers in the U.S. - 1d
- securityboulevard.com - Security Boulevard article on FBI Deletes PlugX Malware From Computers Infected by China Group - 20h
- securityonline.info - “PlugX” Malware Deleted from Thousands of Computers in Global Operation - 20h
- www.helpnetsecurity.com - FBI removed PlugX malware from U.S. computers - 20h
- The Verge - All Posts - FBI hacked thousands of computers to make malware uninstall itself - 19h
- Malware Analysis, News and Indicators - Latest topics - PlugX malware deleted from thousands of systems by FBI - 10h
- Malwarebytes - Malwarebytes blog post on PlugX malware deleted from thousands of systems by FBI. - 10h
- www.bleepingcomputer.com - BleepingComputer reports on FBI wipes Chinese PlugX malware from over 4,000 US computers - 10h
- www.techmeme.com - The US says the FBI hacked ~4.2K devices in the US to delete PlugX, malware used by China-backed hackers since 2014, after obtaining warrants in August 2024 (Carly Page/TechCrunch) - 7h
Classification:
- HashTags: PlugX CyberAttack DOJ
- Company: US DOJ
- Target: US Computers
- Attacker: China
- Product: PlugX malware
- Feature: malware removal
- Type: Malware
- Severity: Major