The FBI continues to investigate Mustang Panda's computer intrusion activities.

Started by bosman, 2025-01-15 08:56

"This large-scale hacking and long-term infection of thousands of Windows computers, including many personal computers in the United States, demonstrates the recklessness and aggressiveness of state-sponsored PRC hackers," said U.S. Attorney for the Eastern District of Pennsylvania Jacqueline Romero. "Working alongside international and private partners, the Department of Justice's court-ordered operation to eliminate the PlugX malware demonstrates its commitment to a 'whole of society' approach to protecting American cybersecurity."
"The FBI worked to identify thousands of infected American computers and remove the PRC malware from them. The magnitude of this technical operation demonstrates the FBI's determination to go after PRC adversaries, no matter where they victimize Americans," said Special Agent in Charge Wayne Jacobs of the FBI's Philadelphia Field Office.
The international operation was conducted by French law enforcement and Sekoia.io, a private cybersecurity firm based in France, which had identified and reported the ability to send commands to remove the PlugX version from infected devices. Working with these partners, the FBI tested the commands, confirmed their effectiveness, and determined that they did not affect the legitimate functions of the infected computers or collect information about their contents. In August 2024, the Department of Justice and the FBI obtained the first of nine warrants from the Eastern District of Pennsylvania authorizing the removal of PlugX from U.S.-based computers. The last of these warrants expired on January 3, 2025, ending part of the U.S. operation. In total, this court-authorized operation removed the PlugX malware from approximately 4,258 U.S.-based computers and networks. The FBI, through the victims' Internet service providers, is notifying U.S. owners of affected Windows computers of the court-authorized raid. The FBI's Philadelphia Field Office and Cyber Division, the U.S. Attorney's Office for the Eastern District of Pennsylvania, and the National Cybersecurity Section of the Department of Justice's Homeland Security Division conducted the internal disruption operation. This operation would not have been possible without the valuable collaboration of the cyber division of the Paris Prosecutor's Office, the French Gendarmerie's C3N cyber unit, and Sekoia.io.
The FBI continues to investigate Mustang Panda's computer intrusion activities. If you believe you have a compromised computer or device, please visit the FBI's Cybercrime Complaint Center (IC3). You can also contact your local FBI office directly. The FBI strongly encourages the use of antivirus software and the application of software security updates to help prevent reinfection.