Login

Gallup Sun

Tuesday, Feb 18th

Last update03:11:14 PM GMT

You are here: News Public Safety FBI, Justice Department conduct international operation to delete hacking malware

FBI, Justice Department conduct international operation to delete hacking malware

E-mail Print PDF

The Justice Department and FBI announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide Jan. 14.

As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s Republic of China, known to the private sector as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers.

According to court documents, the PRC government paid the Mustang Panda group to, among other computer intrusion services, develop this specific version of PlugX. Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident groups.

Despite previous cybersecurity reports, owners of computers still infected with PlugX are typically unaware of the infection. The court-authorized operation announced Jan. 14 remediated U.S.-based computers infected with Mustang Panda’s version of PlugX.

“The Department of Justice prioritizes proactively disrupting cyber threats to protect U.S. victims from harm, even as we work to arrest and prosecute the perpetrators,” Assistant Attorney General Matthew G. Olsen of the Justice Department’s National Security Division said in a Jan. 14 statement. “This operation, like other recent technical operations against Chinese and Russian hacking groups like Volt Typhoon, Flax Typhoon, and APT28, has depended on strong partnerships to successfully counter malicious cyber activity. I commend partners in the French government and private sector for spearheading this international operation to defend global cybersecurity.”

“Leveraging our partnership with French law enforcement, the FBI acted to protect U.S. computers from further compromise by PRC state-sponsored hackers,” Assistant Director Bryan Vorndran of the FBI’s Cyber Division said. “Today’s announcement reaffirms the FBI’s dedication to protecting the American people by using its full range of legal authorities and technical expertise to counter nation-state cyber threats.”

"This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the U.S., demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” U.S. Attorney Jacqueline Romero for the Eastern District of Pennsylvania said. “Working alongside both international and private sector partners, the Department of Justice’s court-authorized operation to delete PlugX malware proves its commitment to a ‘whole-of-society’ approach to protecting U.S. cybersecurity.”

The international operation was led by French law enforcement and Sekoia.io, a France-based private cybersecurity company, which had identified and reported on the capability to send commands to delete the PlugX version from infected devices. Working with these partners, the FBI tested the commands, confirmed their effectiveness, and determined that they did not otherwise impact the legitimate functions of, or collect content information from, infected computers.

In August, the Justice Department and FBI obtained the first of nine warrants in the Eastern District of Pennsylvania authorizing the deletion of PlugX from U.S.-based computers. The last of these warrants expired on Jan. 3, thereby concluding the U.S. portions of the operation. In total, this court-authorized operation deleted PlugX malware from over 4,000 U.S.-based computers and networks.