In a groundbreaking announcement today, the U.S. Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) revealed the successful conclusion of a multi-month global operation aimed at removing malware from thousands of infected computers worldwide.
The operation, carried out in partnership with international law enforcement, focused on the infamous “PlugX” malware, which was linked to a Chinese hacker group known as Mustang Panda, also called “Twill Typhoon” in the private sector.
This malware allowed the hackers to infiltrate, control, and steal sensitive data from victim computers.
How the Operation Unfolded
Court documents from the Eastern District of Pennsylvania shed light on the scope and tactics used by the Mustang Panda group.
According to these documents, the People’s Republic of China (PRC) had been sponsoring the hackers since at least 2014, hiring them to develop a specialized version of PlugX malware.
The malware was then used in numerous cyberattacks targeting not only U.S. victims but also European and Asian governments, businesses, and even Chinese dissident groups.
Despite cybersecurity alerts over the years, many users remained unaware of the ongoing infection on their computers.
The operation, authorized by the courts, primarily focused on eradicating the PRC-backed version of PlugX from U.S.-based computers.
By doing so, the DOJ and FBI successfully disrupted the hackers’ ability to continue their cyber intrusions.
Strong Partnerships Help Combat Global Cyber Threats
Assistant Attorney General Matthew G. Olsen of the DOJ emphasized the importance of international collaboration in tackling cyber threats, noting that the operation’s success was made possible by strong partnerships with global allies.
“This operation, like others targeting Chinese and Russian hacking groups, demonstrates our commitment to countering malicious cyber activity,” Olsen said.
The FBI’s Cyber Division Assistant Director, Bryan Vorndran, echoed this sentiment, stating, “Our partnership with French law enforcement was vital in protecting U.S. computers from further compromises by state-sponsored hackers from China.”
Scope of the Operation and Results
This international cyber operation was led by French law enforcement in collaboration with Sekoia.io, a French cybersecurity company. Sekoia.io had identified that commands could be issued to infected devices that would delete the PlugX malware from them.
After testing and confirming the effectiveness of these commands, the DOJ and FBI obtained warrants to authorize the deletion process.
Between August 2024 and January 2025, the operation removed the malware from 4,258 U.S.-based computers and networks.
The court-issued warrants expired on January 3, 2025, marking the conclusion of the U.S. portion of the operation.
The FBI is now working with Internet Service Providers (ISPs) to notify U.S. owners of the infected computers.
Global Cooperation Plays Key Role in Operation’s Success
U.S. Attorney Jacqueline Romero for the Eastern District of Pennsylvania praised the operation’s outcome, calling it a demonstration of U.S. resolve to protect national cybersecurity.
“This wide-ranging hack and long-term infection shows the recklessness of PRC state-sponsored hackers,” she said. “Working alongside international and private-sector partners, we’ve successfully deleted this dangerous malware from thousands of U.S. systems.”
This article was published on TDPel Media.