
The FBI made malware delete itself from thousands of Americans' computers


The FBI closed a backdoor on thousands of computers by ordering the malware behind it to delete itself. According to a press release from the Department of Justice, the agency was able to commandeer PlugX, malware used by Chinese state-sponsored hacking groups to steal victims' data, and make it delete itself from the victims' machines.

PlugX is a remote access trojan that has been around since at least 2008. According to Malpedia, it has been a favorite tool of a prolific Chinese hacking group, often referred to as "Mustang Panda" or "Twill Typhoon", which has used it to infect computers in the US, Asia and Europe. The malware, which typically spreads when a victim inserts an infected USB drive into their machine, gives attackers full remote access to the system, including logging keystrokes, capturing screen activity and executing commands.

The malware connects to a command-and-control server run by the hacking group, which receives stolen information from compromised machines and sends them commands. According to the FBI, at least 45,000 IP addresses in the US have exchanged traffic with that command-and-control server since September 2023.

It was that server that allowed the FBI to finally kill this pesky malware. First, the bureau drew on the know-how of French authorities, who had recently discovered a technique for making PlugX self-destruct. The FBI then gained access to the hackers' command-and-control server and used it to request the IP addresses of machines actively infected by PlugX. It then sent a command through the server that caused PlugX to remove itself from the victims' computers.

And just like that, PlugX was removed from 4,258 machines nationwide, the FBI says. Similar operations by partner law enforcement agencies have cleaned the malware from thousands of other machines around the world.

PlugX is probably far from dead. Cybersecurity firm Sekoia sinkholed a command-and-control server for the malware in April 2024 and said it received pings from 2,500,000 unique devices in 170 countries over six months. The malware has long been a pain for security experts and has been used against a wide range of victims. According to the FBI, in recent years it has been used to infect European shipping companies, European and Indo-Pacific government agencies, and Chinese dissident groups. For now, at least some of PlugX's operations have been sanitized, so that's something.



