News FBI hacked over 4K Computers to remove Malware from them.


Fixxx


The Federal Bureau of Investigation has hacked into over 4,200 computers across the United States to remove the PlugX remote access Trojan, according to the U.S. Department of Justice. The malware is controlled by the Chinese hacking group Mustang Panda, also known as Twill Typhoon. The attackers infected systems via USB drives, allowing remote access to files and command execution capabilities. In 2024, European shipping companies became victims of attacks, while from 2021 to 2023, several European governments, Chinese dissidents worldwide, and governments in the Indo-Pacific region, including authorities in Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Myanmar, Indonesia, the Philippines, Thailand, Vietnam and Pakistan, were targeted. Once infected, the malware remains on the victim's computer, creating registry keys that automatically activate PlugX upon system startup. Device owners are typically unaware of the infection. The FBI's court-approved actions were part of a global operation to remove malware, conducted by the French cybersecurity company Sekoia. The operation began in July of the previous year when French police and Europol removed PlugX from infected devices in France.

By late summer 2024, the U.S. Department of Justice and the FBI received the first of nine warrants allowing the removal of PlugX from computers located in the U.S. The last of these warrants expired on January 3, 2025, thus concluding the American part of the operation. PlugX has been used for attacks since at least 2008. The software has primarily been employed by groups linked to China's Ministry of State Security for cyber espionage and remote access operations. Victims have included government, defense, technology and political organizations in Asia and around the world. PlugX has extensive capabilities, including gathering system information, uploading and downloading files, logging keystrokes and executing commands. In 2023, the FBI conducted a similar operation against a network of computers infected with Quakbot. Two years prior, the bureau remotely hacked hundreds of computers to protect them from the Hafnium breach.
 