- FBI and international partners sent self-destruct command to PlugX malware
- As a result, the malware was removed from more than 4,000 infected computers in the US alone.
- The malware was developed by a Chinese state-sponsored group.
French cybersecurity companies and law enforcement agents, together with partners in the United States, have successfully removed Chinese-created malware from thousands of infected PCs.
In a press release published on the US Department of Justice (DoJ) website, the department said that a Chinese state-sponsored threat actor tracked as Twill Typhoon (also known as Mustang Panda) created a customized version of the PlugX malware that can “infect, control and steal” information from victims’ computers.
“Since at least 2014, Mustang Panda hackers infiltrated thousands of computer systems in campaigns targeting American victims, as well as European and Asian governments and companies, and Chinese dissident groups,” the Justice Department said.
Off switch
Mustang Panda is a well-known Chinese cyberespionage group previously observed targeting government, academic and religious organizations, particularly in Southeast Asia, Europe and the United States.
The group is known for using phishing campaigns and custom malware, such as the PlugX backdoor, to steal sensitive information. Their activities often align with China’s strategic interests, as they focus on cyber espionage and surveillance, rather than profit or disruption.
Cybersecurity researchers at the French company Sekoia.io gained control of a PlugX command and control (C2) server and found that the malware accepts a built-in self-delete command from its C2, which allowed them to order infected machines to remove the malware.
After obtaining the necessary court orders, the researchers, together with the Cyber Division of the Paris Prosecutor’s Office, the C3N Cyber Unit of the French Gendarmerie, the FBI and the Department of Justice, executed the campaign and successfully removed the malware from the infected computers.
The Department of Justice said that 4,258 computers were cleaned in the United States alone.
Commenting on the operation, U.S. Attorney Jacqueline Romero for the Eastern District of Pennsylvania criticized the Chinese hackers as “reckless” and “aggressive.”
“This wide-ranging attack and the long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” she said.