By Sarah N. Lynch
WASHINGTON (Reuters) – The U.S. Justice Department announced on Tuesday that it had successfully removed malware from over 4,200 computers that had been compromised by a group of criminal hackers with ties to the People’s Republic of China. The malicious software, identified as “PlugX,” had infected numerous computers worldwide, enabling the perpetrators to infiltrate systems and steal sensitive information, according to the department.
Investigators revealed that the malware had been distributed via infected USB devices by a cybercriminal group known as “Mustang Panda” and “Twill Typhoon.” Court documents filed in the U.S. District Court for the Eastern District of Pennsylvania alleged that the Chinese government had funded the Mustang Panda group to develop PlugX.
In September 2023, cybersecurity firm Sekoia identified the command and control infrastructure utilized by the hackers to operate this particular version of PlugX. By July 2024, working in collaboration with French law enforcement, Sekoia was able to gain control over the infrastructure. The FBI, in partnership with French authorities, then identified targeted devices in the United States and issued commands that caused the malware to delete itself from each compromised device.
The malware campaign, in operation since at least 2014, targeted computers in the United States, Europe, and Asia, as well as the devices of Chinese dissidents. The coordinated effort to counter this cyber threat underscores the ongoing challenges posed by state-sponsored hacking activities and the importance of international cooperation to combat such threats.
(Authentic text by Doina Chiacu and Sarah N. Lynch; Editing by Andrea Ricci)