The FBI hacked about 4,200 computer systems throughout the US as a part of an operation to search out and delete PlugX, a malware utilized by state-backed hackers in China to steal data from victims, the Department of Justice announced on Tuesday.
In an unsealed affidavit, the FBI says the China-based hacking group recognized by the monikers “Mustang Panda” and “Twill Hurricane” used PlugX to contaminate 1000’s of Home windows computer systems within the US, Asia, and Europe since at the very least 2012. The malware, which infects computer systems by their USB ports, operates within the background whereas permitting hackers to “remotely entry and execute instructions” on victims’ computer systems.
To do that, contaminated computer systems contact a command-and-control server run by the hackers, which has its IP deal with hard-coded into the malware. From there, hackers can remotely entry customers’ information and acquire details about contaminated computer systems, reminiscent of their IP addresses. At the least 45,000 IP addresses within the US have contacted the command-and-control server since September 2023, in keeping with the FBI.
The FBI used this very exploit to take away PlugX from contaminated computer systems. In collaboration with French regulation enforcement, which launched a PlugX deletion operation of its own, the FBI gained entry to the command-and-control server and requested the IP addresses of contaminated computer systems. It then despatched a local command to make PlugX delete the information it created on victims’ computer systems, cease the PlugX utility from operating, and delete the malware after it’s stopped.
