Philadelphia
Published on January 14, 2025
Cyber Sweep Victory as U.S. and French Forces Dismantle Chinese PlugX Malware Menace
Image source: Unsplash/ Rohan

The Justice Department and FBI have successfully removed the "PlugX" malware from thousands of infected computers worldwide in a major cybersecurity operation. The operation targeted a hacking group backed by the People's Republic of China (PRC), known as "Mustang Panda," which has been using the malware for espionage since at least 2014, according to the U.S. Attorney's Office release.

Many computer owners were unaware they had been infected with PlugX until the operation was revealed. U.S. Attorney Jacqueline C. Romero emphasized the threat posed by PRC-sponsored hackers, saying, "This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers," in the same release. Romero also highlighted the collaboration with international and private sector partners as part of a broader effort to protect U.S. cybersecurity.

French law enforcement, the cybersecurity firm Sekoia.io, and the FBI worked together to remove the malware. Sekoia.io identified a way to issue the malware's own self-delete command to infected machines; the FBI tested that command before executing it against infected computers in the United States. The operation removed PlugX from an estimated 4,258 U.S. computers.

The FBI is notifying affected U.S. citizens through their internet service providers. "The FBI worked to identify thousands of infected U.S. computers and delete the PRC malware on them. The scope of this technical operation demonstrates the FBI’s resolve to pursue PRC adversaries no matter where they victimize Americans," said FBI Philadelphia Special Agent in Charge Wayne Jacobs in a statement obtained by the U.S. Attorney's Office.

The FBI is continuing its investigation into Mustang Panda's activities and encourages the public to report compromised devices to the Internet Crime Complaint Center (IC3) or their local FBI field office. The FBI also advises using antivirus software and keeping software up to date to prevent future infections.