FBI Remotely Deletes Malware from Over 4,000 U.S. Computers in Major Cybersecurity Operation

The operation targeted PlugX malware linked to Chinese-backed hacking group Mustang Panda, leveraging its own self-destruct feature to neutralize the threat.

• The FBI, in collaboration with international partners, remotely removed PlugX malware from 4,258 U.S.-based computers after obtaining nine court warrants between August 2024 and January 2025.
• PlugX, a remote access trojan active since 2008, was used by the Chinese-funded hacking group Mustang Panda to control infected systems and steal sensitive information.
• French authorities and cybersecurity firm Sekoia.io helped the FBI identify a self-destruct feature within the malware's code, enabling its safe deletion without disrupting legitimate system functions.
• The operation highlights PlugX's longevity and adaptability, with experts warning that many more devices globally may remain infected despite this effort.
• U.S. officials emphasized the importance of international cooperation in addressing nation-state cyber threats, calling the operation a significant step in protecting national cybersecurity.

3 Articles

PC Gamer TechSpot Forbes