Justice Department leads global effort against China-backed malware


The United States Department of Justice and the FBI have announced a significant international operation aimed at eliminating "PlugX" malware from thousands of computers worldwide. This malware, attributed to hackers backed by the People's Republic of China (PRC), was removed from over 4,200 infected computers in the U.S. through a court-authorized operation.

The group responsible for deploying this malware is known as "Mustang Panda" or "Twill Typhoon." They have been active since at least 2014, targeting systems across the U.S., Europe, and Asia, as well as Chinese dissident groups. The PRC government allegedly funded these hackers to develop and deploy PlugX.

Assistant Attorney General Matthew G. Olsen emphasized the importance of disrupting cyber threats proactively. He noted that partnerships were crucial in countering malicious activities, praising French government and private sector partners for their role in this operation.

Assistant Director Bryan Vorndran of the FBI's Cyber Division reiterated the agency's commitment to protecting American citizens from state-sponsored cyber threats. U.S. Attorney Jacqueline Romero highlighted the recklessness of PRC-backed hackers and affirmed the Department of Justice's dedication to cybersecurity.

Special Agent Wayne Jacobs said that this operation demonstrated the FBI's resolve to pursue adversaries globally. The operation was led by French law enforcement and Sekoia.io, a France-based cybersecurity company that identified commands capable of deleting PlugX without affecting legitimate computer functions.

The FBI continues to investigate Mustang Panda's activities and encourages individuals with compromised devices to report them via its Internet Crime Complaint Center or local field offices.