FlagThis - #DOJ

The U.S. Department of Justice, working with the FBI, has successfully removed the PlugX malware from over 4,250 infected computers within the United States. This multi-month operation targeted the command and control infrastructure used by hackers linked to the People's Republic of China (PRC). PlugX, a remote access trojan (RAT), has been used by the group known as Mustang Panda, or Twill Typhoon, since 2014, to infiltrate systems and steal information from victims across the U.S., Europe, and Asia, as well as Chinese dissident groups. The Justice Department obtained court orders to authorize the operation and eliminate the malware, which is known for its capability to remotely control and extract information from compromised devices. This action aimed to disrupt the ability of state-sponsored cyber threat actors from further malicious activities on affected networks.

The removal of PlugX involved a self-delete command that was developed by French cybersecurity firm Sekoia. The FBI tested the method before deploying it. This command deleted the malware from infected computers without impacting their legitimate functions or collecting any further content. The operation was conducted in partnership with French law enforcement, which also identified a botnet of infected devices in its own investigation. This international cooperation highlights the ongoing efforts to counteract nation-state cyber threats and protect U.S. cybersecurity. The owners of the affected devices have been notified of the actions through their internet service providers.


References :

• ciso2ciso.com: FBI Wraps Up Eradication Effort of Chinese ‘PlugX’ Malware – Source: www.darkreading.com
• Threats | CyberScoop: Law enforcement action deletes PlugX malware from thousands of machines
• The Hacker News: FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
• therecord.media: The Record reports DOJ deletes China-linked PlugX malware.
• discuss.privacyguides.net: FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation
• securityonline.info: “PlugX” Malware Deleted from Thousands of Computers in Global Operation
• www.justice.gov: Justice.gov press release on international operation to delete PlugX malware.
• www.scworld.com: Widespread PlugX malware compromise eradicated in law enforcement operation
• securityaffairs.com: FBI deleted China-linked PlugX malware from over 4,200 US computers
• CyberInsider: FBI Neutralizes PlugX Malware on 4,200 Computers in the U.S.
• securityboulevard.com: Security Boulevard article on FBI Deletes PlugX Malware From Computers Infected by China Group
• securityonline.info: “PlugX” Malware Deleted from Thousands of Computers in Global Operation
• www.helpnetsecurity.com: FBI removed PlugX malware from U.S. computers
• The Verge: FBI hacked thousands of computers to make malware uninstall itself
• malware.news: PlugX malware deleted from thousands of systems by FBI
• Malwarebytes: Malwarebytes blog post on PlugX removal operation.
• www.bleepingcomputer.com: BleepingComputer reports on FBI wipes Chinese PlugX malware from over 4,000 US computers
• www.techmeme.com: The US says the FBI hacked ~4.2K devices in the US to delete PlugX, malware used by China-backed hackers since 2014, after obtaining warrants in August 2024 (Carly Page/TechCrunch)
• ciso2ciso.com: FBI Wraps Up Eradication Effort of Chinese ‘PlugX’ Malware – Source: www.darkreading.com
• cyberpress.org: Cyberpress.org article about 4,000+ PCs Infected by Chinese Hackers with PlugX Malware

Classification:

• HashTags: #PlugX #CyberAttack #DOJ
• Company: US DOJ
• Target: US Computers
• Attacker: China
• Product: PlugX malware
• Feature: malware removal
• Malware: PlugX
• Type: Malware
• Severity: Major