FBI Removes Chinese PlugX Malware from Thousands of US Computers.
The US Department of Justice announced today that the FBI has removed Chinese PlugX malware from more than 4,200 networked computers across the United States.
The malware, controlled by the Chinese cyberespionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a worm component that allows it to spread via USB drives.
According to court documents, the list of victims targeted with this malware includes "European shipping companies in 2024, some European governments from 2021 to 2023, Chinese dissident groups around the world, and governments in the Indo-Pacific region (e.g. Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Myanmar, Indonesia, Philippines, Thailand, Vietnam and Pakistan)."
"Once it infects a victim's computer, the malware remains on the machine (maintains its persistence), in part by creating registry keys that automatically run the PlugX application when the computer boots up," the statement reads. "Owners of computers infected with the PlugX malware are usually unaware of the infection."

Threat groups have used PlugX to target government, defense, technology and political organizations, primarily in Asia and later the rest of the world. Several PlugX developers have also been discovered online, and some security researchers believe that the malware's source code was leaked around 2015. This, combined with numerous updates to the tool, makes it very difficult to attribute the malware's development and use to a specific threat actor or agenda.
The PlugX malware has extensive functionality that includes collecting system information, uploading and downloading files, logging keystrokes, and executing commands.
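The statement above describes persistence through registry keys that launch the malware at boot. As an added example that is not part of the article or the court filing, the PowerShell below audits the standard Run/RunOnce autorun keys and flags entries whose executable sits outside the usual program directories; the list of trusted roots is an assumption and should be adapted to the environment.

```powershell
# Added example: audit the autorun registry keys commonly abused for boot-time
# persistence and report entries that point outside standard install locations.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumed trusted roots: software installed normally lives here, so an autorun
# entry launching from elsewhere (user profile, temp, etc.) deserves a closer look.
$trustedRoots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:SystemRoot) |
    Where-Object { $_ }

# Properties added by the registry provider itself, not real autorun values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

$results = foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key
    foreach ($p in $props.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        $cmd = [string]$p.Value
        # Pull the executable out of the command line: a quoted path or the first token.
        if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
        else { $exe = ($cmd.Trim() -split '\s+')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $trusted = $false
        foreach ($root in $trustedRoots) {
            if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $trusted = $true }
        }
        [pscustomobject]@{
            Key        = $key
            Name       = $p.Name
            Command    = $cmd
            # A missing binary is also worth noting: stale entries or a partially removed implant.
            Exists     = ($exe -ne '' -and (Test-Path -LiteralPath $exe))
            Suspicious = -not $trusted
        }
    }
}

$results | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it from an elevated prompt so the HKLM hives are readable; entries marked Suspicious are candidates for review, not confirmed infections, since legitimate software sometimes runs from a user profile as well.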