Friday, March 14, 2025

FBI Removes Malware From Thousands of US Computers

The FBI’s recent operation successfully removed PlugX malware from thousands of U.S. computers. Credit: J / CC BY 2.0

The FBI, with court approval, has remotely removed PlugX malware from 4,258 computers in the United States. The operation targeted a version of the malware linked to Mustang Panda, a hacking group believed to have ties to the Chinese government.

The move, announced on January 14, 2025, highlights the FBI’s increasing reliance on proactive cyber defense tactics.

Nine warrants secured for malware removal

The Department of Justice (DoJ) revealed that the operation began in August 2024, after a warrant was issued in the Eastern District of Pennsylvania. The FBI obtained nine warrants in total, the last of which expired on January 3, 2025.

These warrants authorized the FBI to access infected systems and delete malware without disrupting the normal functions of the computers.

PlugX: A longstanding cybersecurity threat

PlugX, active since 2014, is a sophisticated malware capable of taking control of systems and stealing sensitive information. It is often used by cybercriminals and state-sponsored groups to target government agencies, corporations, and critical infrastructure.

The malware’s ability to bypass security measures and its potential to cause widespread damage made it a priority for U.S. cybersecurity efforts.

FBI ensures careful execution of the operation

The FBI confirmed that the operation involved taking control of PlugX’s command-and-control server and using the malware’s built-in self-delete feature to remove it from infected machines. Officials stated that all actions were tested beforehand to ensure they would not interfere with legitimate system functions or collect any user data.

“The FBI acted to protect U.S. computers from further compromise by PRC state-sponsored hackers,” said Bryan Vorndran, Assistant Director of the FBI’s Cyber Division. He emphasized that the operation was part of the FBI’s broader mission to safeguard national security from foreign cyber threats.

Mustang Panda’s ties to China highlighted

Court documents revealed that Mustang Panda, also known as Twill Typhoon, used this version of PlugX to infiltrate thousands of systems, targeting U.S. organizations in particular. The group is believed to have received backing from the Chinese government, raising concerns about state-sponsored cyberattacks.

🇺🇸 DOJ wipes Chinese PlugX malware from 4,200 U.S. computers in a court-approved cyber operation.

Used by hacker groups Mustang Panda & Twill Typhoon, the malware infected systems globally.

U.S. owners will be notified via ISPs. pic.twitter.com/EvUYswWwcw

— Alfred Lanning (@alfred_lanning1) January 15, 2025

Global collaboration key to success

The FBI’s collaboration with French cybersecurity agencies was instrumental in the success of the operation. Chris Henderson, senior director of threat operations at Huntress, praised the effort, calling it a prime example of international cooperation.

“The FBI’s coordinated effort with French agencies to disrupt PlugX demonstrates the power of international collaboration in combating cyber threats,” Henderson said.

“By gaining control of the malware’s command-and-control server and leveraging its native self-delete functionality, they’ve successfully removed a significant threat from thousands of infected machines.”

Henderson highlighted the importance of careful planning, noting that the inclusion of affidavits assessing potential risks before file deletions set a high standard for similar operations in the future. This thoughtful approach, he said, minimized unintended consequences and ensured the protection of affected systems.

Proactive measures against evolving threats

As cyber threats continue to evolve, the FBI’s actions serve as a reminder of the growing need for proactive measures to counter malicious activity. The PlugX removal operation not only addressed a significant security risk but also demonstrated how careful planning and international collaboration can effectively combat cybercrime.
