US Justice Department and FBI Successfully Delete China-Sponsored Malware from Thousands of Devices
The US Justice Department and the FBI announced on January 14, 2025 that, as part of a multinational operation, they had deleted the PlugX malware from thousands of infected computers worldwide. The operation, which spanned several months, targeted a version of PlugX deployed by a China-sponsored hacking group tracked as "Mustang Panda" (also known as "Twill Typhoon").
The Malware and Its Origins
PlugX is a remote-access malware that the group used to infect victims' Windows computers, control them, and steal information from them. According to the court documents, the Chinese government paid the group to develop this particular variant of PlugX. Since 2014, the group has used it against thousands of victims in the US, Europe, and Asia, including governments and businesses, as well as against Chinese dissident groups. Many owners of the compromised computers are likely still unaware that their devices are infected.
The Operation and Its Outcome
The international operation was led by French law enforcement, assisted by Sekoia.io, a French cybersecurity company. Sekoia.io had identified and reported that this PlugX variant accepts a command instructing it to delete itself from the infected device, so a remote operator can remove the malware without touching the host in any other way. The FBI tested that capability, found it viable, and obtained nine warrants authorizing it to issue the self-delete command to PlugX infections on US-based computers; the warrants covered only the removal of the malware, and the FBI said it is notifying the owners of the affected machines through their internet service providers.
Statement from the US Attorney
"This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of [People's Republic of China] state-sponsored hackers," said US Attorney Jacqueline Romero for the Eastern District of Pennsylvania. "We will continue to work with our international partners to disrupt and dismantle these types of threats."
Conclusion
Deleting PlugX from thousands of computers at once is a significant result for the US Justice Department and the FBI, and it shows what international cooperation between law enforcement and private researchers can achieve against state-sponsored intrusions. Two caveats apply for owners of the affected machines: the operation removed the PlugX implant, but it did not inspect or repair anything else on the host, and a computer that was infected once may be reinfected by the same delivery route. Anyone who receives a notification from their ISP should still run a current antivirus scan and update the system rather than assume the matter is closed.