
FBI deletes PlugX Malware: over 4,000 computers freed from Chinese Hackers in the US

The FBI successfully removed PlugX malware from over 4,000 US computers, striking a blow against Chinese hackers. Learn how this operation unfolded and its implications.

Sekoia and the FBI removed PlugX malware linked to Mustang Panda, a group backed by the Chinese government. Photo: Composition LR/AI

In a groundbreaking operation, the FBI successfully removed the PlugX malware, also known as Korplug, from over 4,000 computers and networks across the United States. This malicious software, linked to the Chinese hacking group Mustang Panda, allowed attackers to steal sensitive data and remotely control infected devices.

This operation, which began in mid-2024, highlights the importance of international cooperation in combating global cyber threats. Here’s what you need to know about this historic cybersecurity success.

FBI removed PlugX malware from Chinese hackers

The operation was a collaborative effort between the FBI, French authorities, and the cybersecurity firm Sekoia. It involved the identification and takeover of a command-and-control server used by Mustang Panda to operate the PlugX malware. This server was located at a specific IP address, "45.142.166[.]112."

Once the FBI gained control of the server, agents issued commands that instructed the malware to self-delete from all affected systems. The process ensured the removal of files, registry keys, and directories associated with PlugX without disrupting legitimate operations on the infected devices.
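For defenders, the practical question after a takedown like this is whether any host on their own network ever reached the reported command-and-control server. The Python below is an added example, not code from the original article or from the FBI/Sekoia operation: it refangs the indicator quoted above and matches it, as a whole address rather than a substring, against constructed sample firewall log lines (the log format and every address other than the reported C2 are assumptions).

```python
import ipaddress
import re
from dataclasses import dataclass

# PlugX C2 address as reported in the article, in defanged form.
DEFANGED_C2 = "45.142.166[.]112"

# Constructed sample firewall log lines (not real captures). Only the fourth
# line reaches the reported C2; lines 2 and 3 are near-miss neighbours that a
# naive substring search could confuse with it.
SAMPLE_LOGS = [
    "2024-07-01T10:00:01Z src=10.0.0.5 dst=93.184.216.34 dport=443 action=allow",
    "2024-07-01T10:00:02Z src=10.0.0.7 dst=45.142.166.11 dport=443 action=allow",
    "2024-07-01T10:00:03Z src=10.0.0.7 dst=145.142.166.112 dport=80 action=allow",
    "2024-07-01T10:00:04Z src=10.0.0.9 dst=45.142.166.112 dport=443 action=allow",
]

# Assumed log layout: key=value fields, with src= and dst= holding IP addresses.
LOG_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    src: str
    dst: str


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as '45.142.166[.]112' into a real address."""
    return indicator.replace("[.]", ".")


def find_c2_connections(lines, indicators):
    """Return one Hit per log line whose dst field equals one of the C2 addresses.

    Comparing parsed addresses instead of raw text means '145.142.166.112'
    (line 3) is not reported just because it contains the C2 as a substring.
    """
    wanted = {ipaddress.ip_address(refang(i)) for i in indicators}
    hits = []
    for n, line in enumerate(lines, start=1):
        m = LOG_RE.search(line)
        if not m:
            continue  # line does not follow the assumed layout; skip it
        try:
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # dst is a hostname or malformed; not an IP match
        if dst in wanted:
            hits.append(Hit(n, m["src"], m["dst"]))
    return hits


if __name__ == "__main__":
    for h in find_c2_connections(SAMPLE_LOGS, [DEFANGED_C2]):
        print(f"line {h.line_no}: {h.src} -> {h.dst} matches reported PlugX C2")
```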

Matthew G. Olsen, Assistant Attorney General, praised the success of the operation, telling NBC News: "This demonstrates the strength of international cooperation in combating cybercrime and sends a clear message to malicious actors worldwide."

The objective was to eradicate this malicious software that not only affected American computers, but also put companies and governments in Europe, Asia and other regions at risk. Photo: Freepik.

What is PlugX Malware?

PlugX is a remote access Trojan (RAT) that has been active since 2014. It has been used in cyber espionage campaigns to target governments, corporations, and political dissidents globally. The malware enables hackers to:

  • Steal sensitive data.
  • Execute remote commands.
  • Monitor user activities.

The group behind PlugX, Mustang Panda—also known as Bronze President—is tied to cyberattacks against governments and organizations in the United States, Europe, and Asia.

The FBI’s removal of PlugX is a major blow to Mustang Panda’s operations. Over 4,250 computers and networks in the US were freed from the malware’s control, significantly reducing the group’s reach and potential harm. This operation is part of the FBI’s ongoing efforts to counter advanced persistent threats (APTs) targeting critical infrastructure and sensitive data.