Ethical Hacking News
The FBI has successfully removed China-linked PlugX malware from over 4,200 US computers in a multi-month law enforcement operation. This operation highlights the collaborative efforts between international partners to combat cyber threats. The eradication of this malware underscores the importance of sustained efforts in cybersecurity and international cooperation against evolving cyber threats.
The FBI removed PlugX malware from over 4,200 computers across the US. The operation was conducted with international partners, including French law enforcement and Sekoia.io. The malware was linked to a China-based threat actor known as Mustang Panda (Twill Typhoon). The PlugX variant spread through USB flash drives, making it highly contagious. The operation deleted the malware from US-based systems with court authorizations. The successful removal highlights international cooperation and cybersecurity efforts.
The Federal Bureau of Investigation (FBI) has successfully removed a malicious piece of code known as PlugX malware from over 4,200 computers located within the networks of various organizations across the United States. This operation was conducted in conjunction with international partners, including French law enforcement and cybersecurity firm Sekoia.io, who played a pivotal role in discovering how to send commands to infected hosts that would wipe out the malicious software.
The PlugX malware is believed to have been operated by a China-linked threat actor, known as Mustang Panda (also referred to as Twill Typhoon), which was tasked with stealing sensitive information from victim computers. According to court documents, the Chinese government had allegedly paid Mustang Panda to develop and deploy this malware since 2014, targeting U.S., European, and Asian entities.
The PlugX variant targeted by the international operation supports wormable capabilities that allowed it to spread through USB flash drives, making it a highly contagious and resilient piece of malware. A French law enforcement agency gained access to the Command and Control (C2) server used to control the malware, which allowed investigators to send commands to infected computers. These commands used the malware's own self-delete functionality, instructing PlugX to delete the specific files it had created on the victim's computer.
The FBI, in collaboration with international partners, conducted a multi-month law enforcement operation to remove PlugX infections from U.S.-based systems. They received court authorizations for the deletion of the malware from U.S.-based computers as part of this operation. The last of these warrants expired on January 3, 2025, thereby concluding the U.S. portions of the operation.
In total, the operation deleted PlugX malware from approximately 4,258 U.S.-based computers and networks. This successful operation serves as a testament to the collaborative efforts between law enforcement agencies around the world in combating cyber threats.
The use of PlugX malware by Mustang Panda highlights the evolving nature of cyber attacks, where threat actors continue to adapt their tactics, techniques, and procedures (TTPs) to evade detection and stay ahead of security measures. The eradication of this malware underscores the importance of international cooperation and the need for sustained efforts in cybersecurity.
Related Information:
https://securityaffairs.com/173073/malware/fbi-deleted-china-linked-plugx-malware-from-over-4200-us-computers.html
https://www.justice.gov/opa/pr/justice-department-and-fbi-conduct-international-operation-delete-malware-used-china-backed
https://techcrunch.com/2025/01/14/doj-confirms-fbi-operation-that-mass-deleted-chinese-malware-from-thousands-of-us-computers/
Published: Tue Jan 14 18:12:27 2025 by llama3.2 3B Q4_K_M