The U.S. Department of Justice and the Federal Bureau of Investigation (FBI) announced on Tuesday (January 14) a months-long enforcement operation, conducted in collaboration with international partners, aimed at removing the “PlugX” malware implanted by Chinese hackers from over 4,200 infected computers.
According to the Department of Justice, the malware known as “PlugX” was implanted by Chinese-backed criminal hackers to infect, control, and steal information from victims’ computers, affecting thousands of computers worldwide.
Investigators revealed that “PlugX” was installed by a group of hackers operating under the aliases “Mustang Panda” and “Twill Typhoon”.
Court records submitted to the U.S. District Court for the Eastern District of Pennsylvania accused the Chinese government of funding the “Mustang Panda” group to develop “PlugX”.
Since 2014, the hackers associated with “Mustang Panda” have infiltrated thousands of computer systems targeting governments and businesses in the U.S., Europe, and Asia, as well as political dissidents and groups in China. Owners of computers infected with “PlugX” are often unaware of the compromise.
The Justice Department stated that the court has authorized the removal of “PlugX” from infected computers in the U.S.
Matthew G. Olsen, Assistant Attorney General for National Security at the Department of Justice, said, “The Department of Justice has proactively neutralized the cyber threat to protect American victims from harm, and we will make every effort to apprehend and prosecute the criminals.” Olsen emphasized the importance of strong partnerships in combating malicious cyber activities, citing recent successful actions against Chinese and Russian hacker organizations like “Volt Typhoon,” “Flax Typhoon,” and APT28.
Jacqueline Romero, a federal prosecutor in the Eastern District of Pennsylvania, pointed out that the widespread hacking attacks and long-term infections of thousands of Windows computers, including many in the U.S., underscore the brazen and aggressive nature of state-sponsored Chinese hackers.
Wayne Jacobs, Special Agent in Charge at the FBI’s Philadelphia Office, highlighted the breadth of the operation, saying it demonstrates the FBI’s commitment to pursuing Chinese adversaries regardless of where they harm Americans.
The international operation was led by French law enforcement agencies and the private cybersecurity company Sekoia.io, which discovered “PlugX” and removed it from infected devices. The FBI collaborated with Sekoia.io to test and confirm the malware’s effectiveness. In August 2024, the Department of Justice and the FBI were authorized to remove “PlugX” from U.S. computers in the Eastern District of Pennsylvania. In total, the operation removed “PlugX” from 4,258 American computers and networks.
The FBI stated that it will continue to investigate the computer intrusion activities of “Mustang Panda.” If you suspect that your computer or device has been compromised, you can visit the FBI’s Internet Crime Complaint Center (IC3) or contact your local FBI office directly.