According to a DOJ press release, the FBI was able to delete the PlugX malware, used by Chinese hackers, from “approximately 4,258 U.S.-based computers and networks.”
To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.
It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct. Next, the FBI gained access to the hackers’ command-and-control server and used it to request the IP addresses of all machines that were actively infected by PlugX. Finally, it sent a command via the server that caused PlugX to delete itself from its victims’ computers.