FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware

The US Justice Department and the FBI said on Jan. 14 that they were able to delete "PlugX" malware from thousands of devices globally as part of a cooperative effort.

The operation spanned a series of months, targeting the work of a group of China-sponsored hackers known as "Mustang Panda" and "Twill Typhoon." The group used PlugX malware to infect victims' computers and steal their information.

According to court documents, the Chinese government paid the hacking group to develop their strain of PlugX.

Since 2014, the group has targeted thousands of victims across the US, Europe, and Asia, as well as Chinese dissident groups. Many victims are still unaware their devices remain infected with the malware.

"This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of [People's Republic of China] state-sponsored hackers," said US Attorney Jacqueline Romero.

French law enforcement led the international operation, and a French cybersecurity company, Sekoia.io, was able to identify and report on the capability to send commands to delete the PlugX version from infected devices.

The tactic was tested and deemed viable by the FBI, leading the organization to obtain nine warrants to begin deleting PlugX from US-based computers.