The deletion of the Chinese-developed PlugX malware by US law enforcement was part of an international operation against a known PRC-backed hacking group.
The US Department of Justice and the FBI have announced that, via a court-authorised operation, Chinese malware was recently deleted from 4,258 infected computers and networks in the US.
According to court documents, the malware allowed its operators to steal data from infected machines and was spread via attached USB devices. The malware can also gather IP addresses, delete files, and deploy further malware via commands from the threat actor’s command and control infrastructure.
The malware has been in use since at least 2014 and was deployed against both private and public targets in both the US and Europe, as well as known Chinese dissidents throughout south-east Asia.
The group behind the malware, known to security researchers as Mustang Panda and Twill Typhoon, was paid by the People’s Republic of China (PRC) to develop and update it.
“The Department of Justice prioritises proactively disrupting cyber threats to protect US victims from harm, even as we work to arrest and prosecute the perpetrators,” Assistant Attorney-General Matthew G. Olsen of the Justice Department’s national security division said in a statement.
“This operation, like other recent technical operations against Chinese and Russian hacking groups like Volt Typhoon, Flax Typhoon, and APT28, has depended on strong partnerships to successfully counter malicious cyber activity. I commend partners in the French government and private sector for spearheading this international operation to defend global cyber security.”
Special agent in charge Wayne Jacobs of the FBI Philadelphia field office added that the FBI had “worked to identify thousands of infected US computers and delete the PRC malware on them”.
“The scope of this technical operation demonstrates the FBI’s resolve to pursue PRC adversaries no matter where they victimise Americans,” Jacobs said.
French law enforcement authorities and French cyber security firm Sekoia.io led the operation, which, in turn, led to US authorities gaining the first of nine warrants authorising the deletion operation.
The FBI and other authorities are continuing to investigate the hackers behind the malware.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.