FBI Thwarts Chinese Hackers: PlugX Malware Removed from Thousands of US Computers

FBI Removes Chinese Malware from Thousands of US Computers

In a sweeping cybersecurity operation, the Federal Bureau of Investigation (FBI) has successfully removed PlugX malware from approximately 4,200 computers across the United States. PlugX, a sophisticated malware tool associated with state-backed Chinese hackers known as “Mustang Panda” or “Twill Typhoon,” has been active since at least 2012, affecting computers in the US, Asia, and Europe.

The malware, which infects computers through USB ports and operates covertly in the background, allows hackers to remotely access and execute commands on infected systems. Infected computers communicate with a command-and-control server, enabling hackers to access users’ files and gather sensitive information such as IP addresses.

According to FBI reports, since September 2023, at least 45,000 IP addresses in the US have contacted the PlugX command-and-control server, highlighting the widespread nature of the infection.
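The article's figure of 45,000 contacting IP addresses comes from counting distinct sources that reached the command-and-control server. A defender can run the same kind of count on their own outbound-connection logs to find hosts that talk to a known C2 address and, as a further check, measure whether those contacts recur at a fixed interval, the "beaconing" pattern typical of a backdoor polling its server. The script below is an added example and not part of the article or of any FBI tooling; the C2 address, the internal host addresses and the log lines are constructed placeholders (real indicators would come from a published advisory), and the log format is an assumed `timestamp src -> dst:port` layout.

```python
"""Hunt outbound-connection logs for hosts contacting a known C2 address.

Added example, not from the article. The C2 address, the internal hosts and
the log lines are constructed placeholders, not real PlugX indicators.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Placeholder C2 indicator (constructed; replace with IoCs from an advisory).
KNOWN_C2 = {"203.0.113.10"}

# Constructed outbound-connection log lines in an assumed format:
# "<ISO timestamp> <src_ip> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2024-01-10T09:00:00 10.0.0.5 -> 203.0.113.10:443
2024-01-10T09:05:00 10.0.0.5 -> 203.0.113.10:443
2024-01-10T09:10:00 10.0.0.5 -> 203.0.113.10:443
2024-01-10T09:15:00 10.0.0.5 -> 203.0.113.10:443
2024-01-10T09:02:00 10.0.0.7 -> 198.51.100.20:80
2024-01-10T09:03:00 10.0.0.9 -> 203.0.113.10:443
2024-01-10T09:04:00 10.0.0.5 -> 198.51.100.20:80
"""


def parse_line(line):
    """Split one log line into (timestamp, src_ip, dst_ip, port)."""
    ts, src, _arrow, dst = line.split()
    dst_ip, _, port = dst.rpartition(":")
    return datetime.fromisoformat(ts), src, dst_ip, int(port)


def c2_contacts(log_text, c2=KNOWN_C2):
    """Return {src_ip: [timestamps]} for every connection to a C2 address."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst_ip, _port = parse_line(line)
        if dst_ip in c2:
            hits[src].append(ts)
    return dict(hits)


def beacon_score(timestamps):
    """Coefficient of variation of the gaps between contacts.

    A value near 0 means the host reconnects on a fixed schedule, which is
    what a polling backdoor looks like; None if there are too few contacts.
    """
    if len(timestamps) < 3:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    avg = mean(gaps)
    return pstdev(gaps) / avg if avg else None


def summarize(log_text, c2=KNOWN_C2):
    """Count distinct contacting hosts and score each one for beacon regularity."""
    hits = c2_contacts(log_text, c2)
    return {
        "distinct_hosts": len(hits),
        "hosts": {
            src: {
                "count": len(times),
                "first_seen": min(times).isoformat(),
                "beacon_cv": beacon_score(times),
            }
            for src, times in hits.items()
        },
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

On the constructed sample, two internal hosts contacted the placeholder C2 address; one of them did so every five minutes exactly (beacon score 0.0), which is the host to isolate and image first, while the single contact from the other host needs more data before it can be classified.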

To combat this threat, the FBI leveraged the same exploit used by the hackers to remove PlugX from infected systems. The operation involved collaboration with French law enforcement, which conducted a parallel removal operation in their jurisdiction.

The FBI gained access to the command-and-control server, requesting IP addresses of infected computers. Subsequently, they sent commands to delete PlugX files, halt its application, and remove the malware from victims’ computers.

This operation follows a pattern of proactive cybersecurity interventions by the FBI. Last year, the agency dismantled a network of Qakbot-infected computers, instructing those devices to download software that uninstalled the malware. Similarly, in 2021, the FBI remotely accessed hundreds of computers to protect them from the Hafnium hack.

As cyber threats continue to evolve, the FBI’s latest operation against PlugX demonstrates the agency’s commitment to protecting US computer systems from state-sponsored malware attacks.