Ethical Hacking News
The FBI has successfully deleted PlugX malware from over 4,200 US-based computers as part of a global operation led by French law enforcement and cybersecurity firm Sekoia.
Key points:
- The FBI successfully deleted PlugX malware from over 4,200 computers in networks across the United States.
- The operation was part of a larger effort to combat cyber threats from China and involved French law enforcement and cybersecurity firm Sekoia.
- The PlugX malware is controlled by Chinese cyber espionage group Mustang Panda and has been used in various attacks since at least 2008.
- The FBI obtained court-authorized warrants in August 2024 to delete the malware from U.S.-based computers.
- The operation resulted in a significant victory in the ongoing fight against Chinese cyber threats.
- International cooperation was crucial to the success of the operation, involving multiple countries and agencies working together to combat the spread of malware.
- The FBI's actions demonstrate its commitment to protecting U.S. computers from malicious software and preventing potential security breaches.
The United States Department of Justice has announced that, following a global operation led by French law enforcement and cybersecurity firm Sekoia, the Federal Bureau of Investigation (FBI) has successfully deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. This operation is part of a larger effort to combat cyber threats from China, which have been ongoing for several years.
According to a statement released by the Justice Department, the FBI obtained court-authorized warrants in August 2024 to delete PlugX malware from U.S.-based computers. The operation, which began in July 2024, involved French police and Europol removing remote access trojan malware from infected devices in France. The FBI's involvement in the operation was a significant factor in its success.
The PlugX malware is controlled by the Chinese cyber espionage group Mustang Panda, also tracked as Twill Typhoon. This malware variant features a wormable component that allows it to spread through USB flash drives, infecting thousands of systems across multiple continents. The malware has been used in various attacks since at least 2008, primarily targeting government, defense, technology, and political organizations in Asia and later expanding to the rest of the world.
The PlugX malware remains on infected computers, maintaining persistence by creating registry keys that automatically run the application when the computer is started. Owners of computers infected with this malware are typically unaware of the infection.
In order to delete the malware from affected computers, the FBI sent a command to the infected devices instructing them to:
1. remove the files created by PlugX;
2. delete the PlugX registry keys used to automatically run the application;
3. create a temporary script file that deletes the PlugX application once it has been stopped;
4. stop the PlugX application; and
5. run the temporary file to delete the malware.
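As an added illustration (not the FBI's command or the article's own material), the following PowerShell routine performs the same five-step cleanup sequence from a defender's side; every path, file name and registry value name in it is an assumed placeholder, since the article gives no indicators, and must be replaced with what your own triage finds.

```powershell
# Added example: defender-side cleanup mirroring the five-step sequence described above.
# All paths and the autorun value name are PLACEHOLDERS (assumed, not from the article).

$PlugXExe     = 'C:\PLACEHOLDER\plugx_loader.exe'                               # assumed main binary
$PlugXFiles   = @('C:\PLACEHOLDER\plugx_payload.dat', 'C:\PLACEHOLDER\plugx.cfg') # assumed dropped files
$RunKeys      = @('HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run')
$RunValueName = 'PLACEHOLDER_PlugX'                                             # assumed autorun value name

function Remove-PlugXPersistence {
    # Step 1: remove the auxiliary files the malware created. The running binary is
    # left for later: Windows will not delete an image mapped into a live process.
    foreach ($f in $PlugXFiles) {
        if (Test-Path -LiteralPath $f) { Remove-Item -LiteralPath $f -Force }
    }

    # Step 2: delete the autorun registry values so a reboot cannot revive it.
    foreach ($key in $RunKeys) {
        if (Get-ItemProperty -Path $key -Name $RunValueName -ErrorAction SilentlyContinue) {
            Remove-ItemProperty -Path $key -Name $RunValueName -Force
        }
    }

    # Step 3: write a temporary batch script that deletes the binary once the process
    # has exited (retrying while the file is still locked), then deletes itself.
    $cleanup = Join-Path $env:TEMP 'plugx_cleanup.cmd'
    @"
:retry
del /f /q "$PlugXExe"
if exist "$PlugXExe" ( timeout /t 2 /nobreak >nul & goto retry )
del /f /q "%~f0"
"@ | Set-Content -Path $cleanup -Encoding ASCII

    # Step 4: stop the running malware process (matched by image path, not name,
    # because the binary may masquerade under a benign-looking process name).
    Get-Process | Where-Object { $_.Path -eq $PlugXExe } | Stop-Process -Force

    # Step 5: run the temporary script, which removes the binary and then itself.
    Start-Process -FilePath 'cmd.exe' -ArgumentList "/c `"$cleanup`"" -WindowStyle Hidden
}

Remove-PlugXPersistence
```

Run it from an elevated session so the HKLM value and files in protected directories can be removed; after it completes, confirm the binary is gone and the Run values have not been recreated by another persistence mechanism.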
The FBI's efforts in this operation resulted in the deletion of PlugX malware from approximately 4,258 U.S.-based computers and networks. This significant achievement marks a major victory in the ongoing fight against Chinese cyber threats.
French law enforcement and cybersecurity company Sekoia led the global takedown operation, which involved multiple countries and agencies working together to combat the spread of malware. The operation demonstrates the growing cooperation between international partners in their efforts to combat cyber threats.
The FBI's actions also demonstrate the agency's commitment to protecting U.S. computers from malicious software. By taking swift action to delete PlugX malware from infected devices, the FBI has helped prevent potential security breaches and protected the integrity of U.S. computer systems.
The impact of this operation is significant, as it highlights the growing threat posed by Chinese cyber espionage groups. The use of PlugX malware by these groups demonstrates their willingness to engage in cyber warfare and exploit vulnerabilities in U.S. computer systems.
In conclusion, the FBI's successful operation to delete PlugX malware from over 4,200 U.S.-based computers marks a significant victory in the ongoing fight against Chinese cyber threats. This operation highlights the growing importance of international cooperation in combating cyber threats and demonstrates the FBI's commitment to protecting U.S. computers from malicious software.
Related Information:
https://www.bleepingcomputer.com/news/security/fbi-wipes-chinese-plugx-malware-from-over-4-000-us-computers/
https://attack.mitre.org/groups/G0129/
https://thehackernews.com/2024/03/two-chinese-apt-groups-ramp-up-cyber.html
Published: Tue Jan 14 12:52:32 2025 by llama3.2 3B Q4_K_M