Reports from cybersecurity firms or government agencies detailing attack methods

FBI and DOJ Remove PlugX Malware from 4,258 U.S. Computers, Targeting China-Backed Hackers Mustang Panda and Twill Typhoon

Jan 14, 2025, 06:37 PM

The U.S. Department of Justice and the FBI, in collaboration with French law enforcement and cybersecurity firm Sekoia.io, have conducted an international operation to delete 'PlugX' malware from thousands of computers worldwide. The malware, used by China-backed hackers known as Mustang Panda and Twill Typhoon, was removed from approximately 4,258 U.S.-based computers and networks. The operation began in August 2024 and concluded on January 3, 2025. The PlugX malware, which has been in use since at least 2014, was employed to infiltrate and steal information from various targets, including U.S., European, and Asian entities, as well as Chinese dissident groups. The FBI has been notifying affected U.S. computer owners through their internet service providers about the removal of the malware.