Remote Deletion Of Malware Enforced On Thousands Of Computers 

The US Department of Justice has confirmed that a court-authorised operation ordering the removal of malware files from thousands of US-based computers has been completed. An estimated 4,258 computers were identified by the FBI in an operation to remotely detect and delete the malware threat.

The operation, conducted in co-operation with French law enforcement and the French cyber security firm Sekoia.io, targeted a variant of PlugX malware known to be deployed by Chinese state-sponsored hackers and used by a group known as Mustang Panda or Twill Typhoon, capable of controlling infected computers to steal information. 

According to court documents, the DoJ said, the Chinese government “paid the Mustang Panda group to develop this specific version of PlugX,” which has been in use since 2014 and infiltrated thousands of computer systems in campaigns targeting US victims...

“... The FBI acted to protect US computers from further compromise by PRC state-sponsored hackers,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said.

The announcement “reaffirms the FBI’s dedication to protecting the American people by using its full range of legal authorities and technical expertise to counter nation-state cyber threats.” 

The first of nine warrants was obtained in August 2024 in Pennsylvania, authorising the deletion of PlugX from US-based computers; the last expired on Jan. 3. “The FBI tested the commands, confirmed their effectiveness, and determined that they did not otherwise impact the legitimate functions of, or collect content information from, infected computers,” the statement said.

The FBI continues to investigate Mustang Panda’s computer intrusion activity.  

Justice.gov   |    ic3   |   NTD   |   Bleeping Computer   |    Forbes   |   TechRadar
