In a decisive move against Chinese state-sponsored cyber espionage, the U.S. Department of Justice (DOJ) and FBI, in collaboration with international partners, have successfully neutralized a widespread malware threat. This multi-month operation targeted “PlugX” malware, a powerful tool used by the Chinese hacking group known as “Mustang Panda” or “Twill Typhoon” to steal sensitive information from victims worldwide.
As revealed in court documents, this operation marks a significant victory in the fight against cybercrime. The DOJ, with assistance from French law enforcement and private cybersecurity firm Sekoia.io, obtained warrants authorizing the deletion of PlugX from thousands of infected computers in the United States.
U.S. Attorney Jacqueline Romero for the Eastern District of Pennsylvania emphasized this, stating, “This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers. Working alongside both international and private sector partners, the Department of Justice’s court-authorized operation to delete PlugX malware proves its commitment to a ‘whole-of-society’ approach to protecting U.S. cybersecurity.”
The operation focused on a specific version of PlugX developed by Mustang Panda with funding from the Chinese government. This malware has been used in numerous campaigns targeting U.S. victims, European and Asian governments and businesses, and even Chinese dissident groups.
“The Department of Justice prioritizes proactively disrupting cyber threats to protect U.S. victims from harm, even as we work to arrest and prosecute the perpetrators,” said Assistant Attorney General Matthew G. Olsen. “This operation, like other recent technical operations against Chinese and Russian hacking groups like Volt Typhoon, Flax Typhoon, and APT28, has depended on strong partnerships to successfully counter malicious cyber activity.”
The FBI played a crucial role in identifying and remediating infected computers. Assistant Director Bryan Vorndran of the FBI’s Cyber Division stated, “Leveraging our partnership with French law enforcement, the FBI acted to protect U.S. computers from further compromise by PRC state-sponsored hackers. Today’s announcement reaffirms the FBI’s dedication to protecting the American people by using its full range of legal authorities and technical expertise to counter nation-state cyber threats.”
The FBI is now notifying U.S. owners of affected computers through their internet service providers. It also encourages anyone who believes their computer may have been compromised to visit the FBI’s Internet Crime Complaint Center (IC3) or contact their local FBI field office.