The Justice Department and FBI, in collaboration with international partners, successfully executed a multi-month operation to eliminate PlugX malware from thousands of infected computers globally.
This malware, a variant developed by the Chinese-sponsored hacking group Mustang Panda, was used to compromise and exfiltrate data from victims, including U.S. entities, foreign governments, businesses, and dissident groups.
Despite previous cybersecurity warnings, many owners of infected computers remained unaware of the intrusion. The operation effectively remediated U.S.-based systems infected with Mustang Panda’s PlugX variant.
The U.S. Department of Justice and FBI, in collaboration with French authorities and the private sector, disrupted a cyber operation conducted by PRC state-sponsored hackers, with the aim of protecting U.S. computers from further compromise.
Alongside recent actions against groups such as Volt Typhoon, Flax Typhoon, and APT28, the operation demonstrates the importance of international partnerships in countering malicious cyber activity.
The Federal Bureau of Investigation (FBI) used its legal authorities and technical expertise to defend against the threat posed by advanced persistent threat (APT) groups.
The court-authorized operation removed PlugX malware from thousands of compromised Windows computers across the United States and targeted state-sponsored hackers from the People’s Republic of China, highlighting the government’s commitment to proactive cybersecurity measures and its determination to counter persistent threats to American computer systems.
The operation underscores the FBI’s ability to identify infected machines and neutralize malicious software on a large scale, demonstrating a proactive approach to combating cyber threats originating from foreign adversaries.
French law enforcement and Sekoia.io collaborated to identify a capability to remotely delete PlugX malware, and the FBI verified the legitimacy and effectiveness of the deletion commands.
With court authorization, the FBI remotely deleted PlugX malware from approximately 4,258 infected U.S. computers and networks between August 2024 and January 3, 2025.
The FBI, along with the US Attorney’s Office for the Eastern District of Pennsylvania and the National Security Cyber Section of the Justice Department’s National Security Division, collaborated with the Cyber Division of the Paris Prosecution Office, French Gendarmerie Cyber Unit C3N, and Sekoia.io to disrupt a cyber operation.
The FBI notified owners of affected Windows-based computers in the United States through their internet service providers.
The FBI continues to investigate Mustang Panda’s computer intrusion activity and strongly encourages the use of anti-virus software as well as the application of software security updates to help prevent reinfection.