The US Department of Justice recently announced a successful operation to remove the PlugX malware from more than 4,200 computers in the US. PlugX is a remote access trojan used by Chinese state-backed hackers, specifically the group known as “Mustang Panda” or “Twill Typhoon”, active since at least 2012.
The malware spread mainly via infected USB devices, allowing attackers to gain remote access to compromised systems, collect sensitive information and execute malicious commands. To neutralize this threat, the FBI, in collaboration with French authorities, took control of a command-and-control server used by PlugX. From this server, commands were sent that instructed the malware to uninstall itself from infected computers.
This is not the first time that the FBI has carried out operations of this kind. In previous years, the agency has dismantled computer networks infected by other malware, such as Quakbot and Hafnium, using similar approaches to protect compromised systems.
The operation against PlugX highlights the importance of international cooperation in the fight against cybercrime and reinforces the need for proactive measures to identify and neutralize cyber threats on a global scale.