Which will be the most active state-backed hacking group in 2025 according to US cybersecurity agencies?
Mustang Panda • 25%
Twill Typhoon • 25%
Another Known Group • 25%
Newly Identified Group • 25%
Reports from US cybersecurity agencies or major cybersecurity firms
FBI Deletes PlugX Malware From Over 4,200 US Computers, Targeting Mustang Panda and Twill Typhoon
Jan 14, 2025, 04:38 PM
The U.S. Department of Justice and the FBI, in collaboration with French law enforcement and cybersecurity firm Sekoia, have deleted the PlugX malware from approximately 4,258 computers across the United States. This operation targeted a version of the malware deployed by the China-backed hacking groups known as Mustang Panda and Twill Typhoon. The malware, which has been used since at least 2014 and was first observed in 2012, was designed to infect, control, and steal information from victim computers using a wormable component often spread through USB ports. The FBI obtained nine warrants in the Eastern District of Pennsylvania to authorize the deletion of the malware, with the operation concluding on January 3, 2025. At least 45,000 IP addresses in the U.S. had contacted the command-and-control server since September 2023. The PlugX malware has been used in espionage campaigns targeting U.S. victims, European and Asian governments and businesses, and Chinese dissident groups.