- The FBI and international partners sent a self-destruct command to PlugX malware
- More than 4,000 computers in the US alone were cleaned as a result
- The malware was developed by a Chinese state-sponsored group
French cybersecurity firms and law enforcement agents, together with partners from the United States, have successfully removed Chinese-built malware from thousands of infected PCs.
In a press release shared on the US Justice Department (DoJ) website, it was said a Chinese state-sponsored threat actor called Twill Typhoon (AKA Mustang Panda) built a custom version of the PlugX malware which can “infect, control, and steal information from victim computers.”
“Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident groups,” the DoJ said.
Kill switch
Mustang Panda is a known Chinese cyber-espionage group previously observed targeting government, academic, and religious organizations, particularly in Southeast Asia, Europe, and the United States.
The group is recognized for its use of spear-phishing campaigns and custom malware, such as the PlugX backdoor, to steal sensitive information. Their activities often align with China’s strategic interests, since they are focused on cyber-espionage and surveillance, rather than profit or disruption.
However, cybersecurity researchers from the French outfit Sekoia.io found a way to communicate through PlugX’s command & control (C2) infrastructure, allowing them to order the malware to self-destruct.
After obtaining the necessary court orders, the researchers, together with the Cyber Division of the Paris Prosecution Office, French Gendarmerie Cyber Unit C3N, the FBI, and the DoJ, ran the campaign and successfully removed the malware from infected computers.
The DoJ said that just in the United States alone, 4,258 were cleansed.
Commenting on the operation, US Attorney Jacqueline Romero for the Eastern District of Pennsylvania, slammed Chinese “reckless” and “aggressive” hackers.
“This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” she said.
Leave a comment