The FBI hacked about 4,200 computer systems throughout the US as a part of an operation to seek out and delete PlugX, a malware utilized by state-backed hackers in China to steal data from victims, the Division of Justice introduced on Tuesday.
In an unsealed affidavit, the FBI says the China-based hacking group identified by the monikers “Mustang Panda” and “Twill Storm” used PlugX to contaminate 1000’s of Home windows computer systems within the US, Asia, and Europe since no less than 2012. The malware, which infects computer systems by way of their USB ports, operates within the background whereas permitting hackers to “remotely entry and execute instructions” on victims’ computer systems.
To do that, contaminated computer systems contact a command-and-control server run by the hackers, which has its IP tackle hard-coded into the malware. From there, hackers can remotely entry customers’ recordsdata and procure details about contaminated computer systems, similar to their IP addresses. Not less than 45,000 IP addresses within the US have contacted the command-and-control server since September 2023, in keeping with the FBI.
The FBI used this very exploit to take away PlugX from contaminated computer systems. In collaboration with French regulation enforcement, which launched a PlugX deletion operation of its personal, the FBI gained entry to the command-and-control server and requested the IP addresses of contaminated computer systems. It then despatched a local command to make PlugX delete the recordsdata it created on victims’ computer systems, cease the PlugX utility from working, and delete the malware after it’s stopped.
