The FBI hacked about 4,200 computer systems throughout the US as a part of an operation to seek out and delete PlugX, a malware utilized by state-backed hackers in China to steal info from victims, the Department of Justice announced on Tuesday.
In an unsealed affidavit, the FBI says the China-based hacking group recognized by the monikers “Mustang Panda” and “Twill Hurricane” used PlugX to contaminate hundreds of Home windows computer systems within the US, Asia, and Europe since not less than 2012. The malware, which infects computer systems via their USB ports, operates within the background whereas permitting hackers to “remotely entry and execute instructions” on victims’ computer systems.
To do that, contaminated computer systems contact a command-and-control server run by the hackers, which has its IP handle hard-coded into the malware. From there, hackers can remotely entry customers’ information and procure details about contaminated computer systems, corresponding to their IP addresses. Not less than 45,000 IP addresses within the US have contacted the command-and-control server since September 2023, based on the FBI.
The FBI used this very exploit to take away PlugX from contaminated computer systems. In collaboration with French legislation enforcement, which launched a PlugX deletion operation of its own, the FBI gained entry to the command-and-control server and requested the IP addresses of contaminated computer systems. It then despatched a local command to make PlugX delete the information it created on victims’ computer systems, cease the PlugX software from operating, and delete the malware after it’s stopped.