US Eliminates Malware Allegedly Installed by Hackers with Chinese Backing
The Justice Department discloses that malware connected to cybercriminals supported by China has infected more than 4,200 computers globally.
The U.S. Justice Department has reported the successful removal of malware named 'PlugX' from over 4,200 computers worldwide.
This malware, linked to a hacker group with connections to China, was used to breach and extract sensitive data from numerous governmental and private sector targets.
The hackers, known by names such as 'Mustang Panda' and 'Twill Typhoon', allegedly received support from the Chinese government to develop PlugX, a tool active since at least 2014. It spread via infected USB devices, enabling system infiltration and data theft.
The Justice Department's investigation, in collaboration with global law enforcement, disclosed that these hackers used a sophisticated command-and-control setup to remotely manage compromised devices.
In September 2023, cybersecurity firm Sekoia detected this infrastructure and partnered with French authorities to seize control of the network.
By July 2024, French law enforcement had taken over the infrastructure, effectively halting the hackers' operations.
As part of the global initiative to eradicate the malware, the FBI helped identify U.S. devices impacted by the infection.
The FBI then issued a self-deletion command to the malware on those devices, ensuring it was deactivated.
The hackers deployed PlugX across various regions, including the U.S., Europe, and Asia.
Notably, the attacks also targeted the computers of Chinese political dissidents, revealing the reach and intricacy of the campaign.
Operating with relative freedom, the group used advanced methods to elude detection and maintain access to infected systems.
This successful operation marks a major achievement for international cybersecurity efforts against state-sponsored cyberattacks.
Yet, it also underscores the increasing threats from Chinese-backed hackers, raising global concerns about the security of sensitive data.