A major FBI operation has deleted Chinese malware from thousands of US computers

News
By published

Mustang Panda loses access to thousands of devices across the US, France, and possibly elsewhere

A concept image of someone typing on a computer. A red flashing danger sign is above the keyboard and nymbers and symbols also in glowing red surround it.
(Image credit: Getty Images)
  • The FBI and international partners sent a self-destruct command to PlugX malware
  • More than 4,000 computers in the US alone were cleaned as a result
  • The malware was developed by a Chinese state-sponsored group

French cybersecurity firms and law enforcement agents, together with partners from the United States, have successfully removed Chinese-built malware from thousands of infected PCs.

In a press release shared on the US Justice Department (DoJ) website, it was said a Chinese state-sponsored threat actor called Twill Typhoon (AKA Mustang Panda) built a custom version of the PlugX malware which can “infect, control, and steal information from victim computers.”

“Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident groups,” the DoJ said.

Kill switch

Mustang Panda is a known Chinese cyber-espionage group previously observed targeting government, academic, and religious organizations, particularly in Southeast Asia, Europe, and the United States.

The group is recognized for its use of spear-phishing campaigns and custom malware, such as the PlugX backdoor, to steal sensitive information. Their activities often align with China's strategic interests, since they are focused on cyber-espionage and surveillance, rather than profit or disruption.

However, cybersecurity researchers from the French outfit Sekoia.io found a way to communicate through PlugX’s command & control (C2) infrastructure, allowing them to order the malware to self-destruct.

After obtaining the necessary court orders, the researchers, together with the Cyber Division of the Paris Prosecution Office, French Gendarmerie Cyber Unit C3N, the FBI, and the DoJ, ran the campaign and successfully removed the malware from infected computers.

The DoJ said that just in the United States alone, 4,258 were cleansed.

Commenting on the operation, US Attorney Jacqueline Romero for the Eastern District of Pennsylvania, slammed Chinese “reckless” and “aggressive” hackers.

“This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” she said.

You might also like

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Read more
A computer being guarded by cybersecurity.
Huge cyberattack found hitting vulnerable Microsoft-signed legacy drivers to get past security
China
Chinese hackers develop effective new hacking technique to go after business networks
China
Chinese hackers who targeted key US infrastructure charged by Justice Department
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
BadBox malware hit after infecting over 500,000 Android devices
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
China-linked cyberespionage group PlushDaemon used South Korean VPN service to inject malware
A group of 7 hackers, 6 slightly blurred in the background and one in the foreground, all wearing black with hoods pulled up over their heads. You cannot see their faces. The hacker in the foreground sits with an open laptop in front of them. The background, behind the hackers, is a Chinese flag
China government-linked hackers caught running a seriously dangerous ransomware scam
Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Image showing detail of the Leica D-Lux 8
Still can't get a Fujifilm X100VI? This premium Leica compact costs less, and it's in stock
Man using iMessage on an iPhone
Apple will finally enable encrypted RCS messages between iOS and Android, and it's about time
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Jason Sudeikis' Ted Lasso pointing at someone in Ted Lasso season 2
Believe it, baby: Ted Lasso season 4 is officially in development for Apple TV+ and Jason Sudeikis will reprise his role as the titular soccer coach
More about security
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.

AI agents can be hijacked to write and send phishing attacks
China

Juniper patches security flaws which could have let hackers take over your router
Data Breach

Thousands of healthcare records exposed online, including private patient information
See more latest
Most Popular
Data Breach
Thousands of healthcare records exposed online, including private patient information
Brad Pitt looks over his right shoulder with 'F1' written behind him
Apple Original Films will take you behind-the-scenes of a racing cockpit in this new thrilling F1 movie trailer
Google Messages update
Google Messages could soon follow WhatsApp with an upgrade that makes it much easier to join group chats
Reacher looking down at another character from the Prime Video TV series Reacher
Reacher season 3 becomes Prime Video’s biggest returning show thanks to Hollywood’s biggest heavyweight
Nvidia RTX 6000
Details of Nvidia's fastest video card ever leak; RTX Pro 6000 Blackwell GPU will have 96GB GDDR7 ECC memory
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
Hasselblad X2D 100C camera in user's hand, their blue jacket in background
My dream Hasselblad camera is getting a sequel soon, according to new leaks – here are 5 upgrades I’m hoping for
Harry Halpin, CEO and co-founder of Nym Technologies, and Chelsea Manning, Nym Technlogies' security consultant, on stage at the Frontline Club in London during the NymVPN launch on March 13, 2025.
NymVPN is now live – here's everything you need to know
Sony UBP-X700/K shown from the front
Sony launches new version of the best cheap 4K Blu-ray player that drops the streaming tech – but the price looks odd
Ethernet cables with IP addresses in the background
You can now use an IPv4 address as business collateral - and it could be worth millions