Jan. 14 (UPI) — Federal authorities announced Tuesday that they have erased Chinese malware from thousands of computers across the United States.
The malware, a variant of the PlugX malicious software, was under the control of the Chinese state-sponsored hacking group Mustang Panda, which also goes by Twill Typhoon. According to court documents, the malware spreads through a computer’s USB port, infecting Windows-based devices.
The malware then allows the hackers to access infected computers and steal files and other information stored on them.
The court documents state China-based hackers have been using the malware since 2014. The FBI said Mustang Panda is paid by the Chinese government to provide it with computer intrusion services, including through the use of PlugX.
“The FBI’s multi-year investigation of Mustang Panda has confirmed that this group of computer hackers has infiltrated the computer systems of numerous government and private organizations, including in the United States,” the court document says, adding that targets also include European shipping companies and several European governments, international Chinese dissident groups and several Indo-Pacific governments, including Taiwan.
In collaboration with a French law enforcement agency, which had identified a way to send commands to computers infected with the targeted PlugX variant, the FBI executed nine warrants as far back as August 2024, deleting the PlugX malware from 4,258 U.S.-based computers and networks.
According to court documents, the command sent to the infected computers deleted the files created by the PlugX malware, deleted the PlugX registry keys used to automatically run the PlugX application, created a temporary script file to delete the malware, stopped the PlugX application and then deleted the PlugX application and any associated files.
The last of the nine warrants expired on Jan. 3, the Justice Department said.
“This operation, like other recent technical operations against Chinese and Russian hacking groups like Volt Typhoon, Flax Typhoon, and APT28, has depended on strong partnerships to successfully counter malicious cyber activity,” Assistant Attorney General Matthew Olsen of the Justice Department’s Security Division said in a statement.
“I commend partners in the French government and private sector for spearheading this international operation to defend global cybersecurity.”