US Removes Malware Allegedly Planted by Chinese-Backed Hackers
The U.S. Justice Department announced on Tuesday that it had successfully removed malware, known as “PlugX,” from over 4,200 computers that had been targeted by a group of hackers linked to the Chinese government. The malware, which had been used to steal sensitive information, was installed through infected USB devices by a group identified as “Mustang Panda” or “Twill Typhoon.”
The hackers, allegedly backed by the Chinese government, used PlugX for cyber-espionage, affecting thousands of computers globally. According to U.S. prosecutors, the Chinese government paid the Mustang Panda group to develop the malware. The hacking campaign has been active since at least 2014, targeting computers in the U.S., Europe, and Asia, as well as those belonging to Chinese political dissidents.
Cybersecurity company Sekoia traced the command-and-control infrastructure for PlugX and collaborated with French law enforcement to seize control of it in July 2024. In coordination with French authorities, the FBI identified devices in the U.S. affected by the malware and worked to send self-delete commands to remove it from those devices.
The operation marks a significant step in international cooperation to counteract cyber threats linked to state-sponsored hackers, with U.S. officials emphasizing the importance of protecting critical infrastructure from such sophisticated attacks.