The FBI forced China-backed malware infecting US computers to self-destruct



In a nutshell: PlugX, a malware family built to remotely control infected machines, is a persistent threat that has existed since 2008. A specific variant of this Remote Access Trojan (RAT) was recently targeted by the FBI and international partners, who used the malware's own command channel to remove it from thousands of US machines.

The Justice Department and the FBI recently announced a multi-month operation that took down a variant of the PlugX malware family. The FBI said the malicious tool was developed by a hacking team known as "Mustang Panda," a group it describes as sponsored and funded by the Chinese government. The malware was designed to infiltrate, infect, and control thousands of PCs and networks around the world.

Mustang Panda has been active since at least 2014, according to the recently unsealed FBI affidavit. The group targeted government and private-sector organizations based in the US, Europe, and Asia, along with several Chinese dissident groups. Owners of systems infected by PlugX are usually unaware of the ongoing infection, which is why a remote self-delete operation, rather than a notification campaign alone, delivered a significant blow against the threat.

The FBI relied on its partnership with French law enforcement and the France-based cyber-security company Sekoia.io. Sekoia researchers discovered that PlugX's code contained a built-in self-delete function that could be triggered by a specific instruction from its command-and-control (C2) server. Because the C2 IP address was hard-coded into the malware, every infected machine kept checking in with that one address; once the C2 was seized, that address could be used to send the self-delete instruction to all of them. The same hard-coded address is also what lets defenders block or hunt for this variant at the network perimeter once the address is known.
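A hard-coded C2 address cuts both ways: it let investigators take over the variant, and it lets a defender find infected hosts from network logs alone, which matters because the machine's owner usually does not know it is infected. The following is an added example, not code from the FBI, Sekoia.io, or the article. It assumes a firewall export in a simple key=value format; the C2 address (203.0.113.7, from the TEST-NET-3 documentation range) and the log lines are constructed, and the PlugX variant's real address is not used. The script lists every internal host that contacted the address and additionally flags hosts whose contacts arrive at a near-constant interval, the beaconing pattern a RAT polling its C2 produces.

```python
"""Hunt for hosts beaconing to a known, hard-coded C2 address in firewall logs.

Added example (not from the FBI affidavit or the TechSpot article). The only
PlugX-specific fact used is that the variant's C2 address was hard-coded, so
every infected host talks to the same destination. The C2 address and the
log lines below are constructed for illustration.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Hypothetical C2 address standing in for the seized one (TEST-NET-3, not real).
C2_ADDR = "203.0.113.7"

# Constructed firewall log lines in a common "key=value" export style.
# 10.0.4.21 polls the C2 every ~5 minutes; 10.0.4.30 contacts it twice, irregularly;
# 10.0.4.22 never talks to it.
SAMPLE_LOGS = """\
2025-01-10T08:00:01Z action=allow src=10.0.4.21 dst=203.0.113.7 dport=443 proto=tcp
2025-01-10T08:00:05Z action=allow src=10.0.4.22 dst=142.250.72.14 dport=443 proto=tcp
2025-01-10T08:05:02Z action=allow src=10.0.4.21 dst=203.0.113.7 dport=443 proto=tcp
2025-01-10T08:10:01Z action=allow src=10.0.4.21 dst=203.0.113.7 dport=443 proto=tcp
2025-01-10T08:11:40Z action=allow src=10.0.4.30 dst=203.0.113.7 dport=443 proto=tcp
2025-01-10T08:15:02Z action=allow src=10.0.4.21 dst=203.0.113.7 dport=443 proto=tcp
2025-01-10T08:20:01Z action=allow src=10.0.4.21 dst=203.0.113.7 dport=443 proto=tcp
2025-01-10T09:47:13Z action=allow src=10.0.4.30 dst=203.0.113.7 dport=443 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)\s+"
    r"dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def contacts_by_host(log_text, c2_addr=C2_ADDR):
    """Map each internal source address to the sorted timestamps of its contacts with c2_addr."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dst"] == c2_addr:
            hits[rec["src"]].append(rec["ts"])
    return {src: sorted(ts) for src, ts in hits.items()}


def beacon_score(timestamps):
    """Return (median_gap_seconds, jitter_ratio) for a host's contact times.

    A RAT polling a hard-coded C2 produces near-constant gaps between contacts,
    while human-driven traffic is irregular. jitter_ratio = pstdev(gaps)/median(gaps),
    so a low value over enough samples is the signal. Needs at least 3 contacts.
    """
    if len(timestamps) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    median_gap = statistics.median(gaps)
    jitter = statistics.pstdev(gaps) / median_gap if median_gap > 0 else float("inf")
    return median_gap, jitter


def hunt(log_text, c2_addr=C2_ADDR, max_jitter=0.2):
    """Report every host that contacted c2_addr; mark those with a regular beacon interval."""
    report = {}
    for src, ts in contacts_by_host(log_text, c2_addr).items():
        score = beacon_score(ts)
        report[src] = {
            "contacts": len(ts),
            "periodic": score is not None and score[1] <= max_jitter,
            "interval_s": None if score is None else round(score[0]),
        }
    return report


if __name__ == "__main__":
    for host, info in sorted(hunt(SAMPLE_LOGS).items()):
        print(host, info)
```

Any contact with the C2 address is worth investigating on its own; the periodicity check is there to prioritise hosts whose traffic looks like automated polling over ones where a single hit might be a scanner or a sandbox. On real data, raise the minimum sample count and compare against the host's other destinations before drawing conclusions from the jitter ratio alone.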

The PlugX family of Remote Access Trojans is known for the broad set of commands it will execute on behalf of a remote C2 server. Operators can extract system information from infected machines, capture the screen, inject keyboard and mouse events, reboot the system, manage services and the Windows Registry, and more.

Starting in August 2024, the FBI and the Justice Department obtained the nine warrants needed to carry out the PlugX self-delete operation. The court authorized deletion of the PlugX infection from approximately 4,258 Windows PCs and networks based in the US, and the operation concluded earlier this month.

The FBI also notified the US victims of the RAT through their respective internet service providers. According to Jacqueline Romero, US Attorney for the Eastern District of Pennsylvania, this long-running PlugX infection involving thousands of computers shows how reckless and aggressive Chinese-sponsored hackers are. US authorities were able to deal effectively with the threat thanks to an international "whole-of-society" approach to protecting US cyber-security.
