Remote Deletion Of Malware Enforced On Thousands Of Computers 

Uploaded on 2025-01-20 in NEWS-Cybersecurity News, INTELLIGENCE-Hot Spots-China, GOVERNMENT-Law Enforcement, FREE TO VIEW

The US Department of Justice has confirmed that a court-authorised operation ordering the removal of malware files from thousands of  US-based computers has been completed. An estimated 4,258 computers were identified by the FBI in an operation to remotely detect and delete the malware threat  

The operation, conducted in co-operation with French law enforcement and the French cyber security firm Sekoia.io, targeted a variant of PlugX malware known to be deployed by Chinese state-sponsored hackers and used by a group known as Mustang Panda or Twill Typhoon, capable of controlling infected computers to steal information. 

According to court documents, the DoJ said, the  Chinese government “paid the Mustang Panda group to develop this specific version of PlugX,” which has been in use since 2014 and infiltrated thousands of computer systems in campaigns targeting US victims...

“... The FBI acted to protect US computers from further compromise by PRC state-sponsored hackers,”Assistant Director Bryan Vorndran of the FBI’s Cyber Division, said.  

The announcement “reaffirms the FBI’s dedication to protecting the American people by using its full range of legal authorities and technical expertise to counter nation-state cyber threats.” 

The first of nine warrants was obtained in August 2024 in Pennsylvania, authorising the deletion of PlugX from US-based computers, the last expired on Jan. 3.  “The FBI tested the commands, confirmed their effectiveness, and determined that they did not otherwise impact the legitimate functions of, or collect content information from, infected computers,” the statement said. 

The FBI continues to investigate Mustang Panda’s computer intrusion activity.  

Justice.gov   |    ic3   |   NTD   |   Bleeping Computer   |    Forbes   |   TechRadar

Image: Ideogram

You Might Also Read:

Chinese Hackers Penetrated The US Treasury:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Data Broker Discloses A Major Breach Of App User Data
Ukrainian Hackers Attack Russian Financial Services »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Micro Systemation AB (MSAB)

Micro Systemation AB (MSAB)

MSAB is a leader in the provision of forensically secure tools for the extraction and analysis of data from mobile devices.

CERT-In

CERT-In

CERT-In is a functional organisation of the Ministry of Information & Electronics Technology, Government of India, with the objective of securing Indian cyber space.

Australian Information Security Association (AISA)

Australian Information Security Association (AISA)

AISA champions the development of a robust information security sector by building professional capacity and advancing the cyber security of the public, business and governments in Australia.

Fastpath Solutions

Fastpath Solutions

Fastpath deliver software solutions that enable you to take control of your security, compliance and risk management initiatives.

NowSecure

NowSecure

NowSecure are the experts in mobile app security testing software and services.

OnSystem Logic

OnSystem Logic

OnSystem Logic has developed a unique, patent-pending solution to solve the problem of the exploitation of flaws in application software as a technique for cyber attacks.

ReversingLabs

ReversingLabs

ReversingLabs develops cyber threat detection and mitigation tools that address the the latest directed attacks, advanced persistent threats and polymorphic malware.

British Blockchain Association (BBA)

British Blockchain Association (BBA)

British Blockchain Association (BBA) is a not-for-profit organisation that promotes evidence-based adoption of Blockchain and Distributed Ledger Technologies (DLT) across the public and private sector

FirstWave Cloud Technology

FirstWave Cloud Technology

FirstWave Cloud Technology is a global cyber security company which has been delivering Cybersecurity-as-a-service solutions to the market since 2004.

Votiro

Votiro

Votiro is an award-winning cybersecurity company that specializes in file sanitization, ensuring every organization is safe from zero-day and undisclosed attacks.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

Revytech

Revytech

Revytech is a tech company providing services in a broad range of areas including IT operations, cyber security and network engineering.

NinjaOne

NinjaOne

The NinjaOne Platform was built to help IT and MSP teams efficiently manage, patch, and support all endpoints.

ZENDATA

ZENDATA

ZENDATA are an innovative provider of intelligent, tailored cybersecurity solutions to global companies and public sector institutions.

Stack Overflow

Stack Overflow

Founded in 2008, Stack Overflow’s public platform is used by nearly everyone who codes to learn, share their knowledge, collaborate, and build their careers.

Securafy

Securafy

At Securafy, we understand how important it is to have the right IT partner by your side. For over 30 years, we’ve helped businesses stay secure, connected, and compliant.