DOJ, FBI Dismantle Malware Used by China-Backed Hackers in Global Operation

In an international effort, the US Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have successfully eliminated a sophisticated malware threat known as “PlugX” from over 4,200 computers across the United States.

The malware, used by bad actors sponsored by the People’s Republic of China (PRC), has targeted global victims since 2014.

The multi-month operation, which involved collaboration with French law enforcement and the cybersecurity company Sekoia.io, was authorized by court orders issued in the Eastern District of Pennsylvania. Hackers linked to the PRC, operating under the aliases “Mustang Panda” and “Twill Typhoon,” exploited the PlugX malware to infiltrate computer systems and steal sensitive data from governments, businesses, and dissident groups.

A Powerful RAT

“PlugX is a powerful remote access Trojan (RAT) often used in targeted cyber-espionage campaigns,” explained Chris Jones, Incident Response Analyst at Check Point Software. “Its modular design ...