DoJ remotely cleaned thousands of computers infected with Chinese malware

The Department of Justice and the FBI shared today that they have completed a project to remove malware used by Chinese hackers from computers in the US. The effort was essentially a court-approved counter-hack that remotely deleted malware known as PlugX from more than 4,200 computers. The agencies will notify the US owners of those impacted machines about the operation through their internet service providers.

According to the DOJ press release, hacker groups known as Mustang Panda and Twill Typhoon received backing from the Chinese government to use PlugX to infect, control and gather information from computers outside China. The action to delete the PlugX malware from US computers began in August 2024. It was conducted in cooperation with French law enforcement and with Sekoia.io, a France-based private cybersecurity company. Sekoia.io has found PlugX malware in more than 170 countries.

The Mustang Panda group has been conducting infiltration efforts around the world since at least 2014. For instance, cybersecurity firm ESET found that Mustang Panda gained access to cargo shipping companies' computers in Norway, Greece and the Netherlands in March. And the group was one of several China-linked hacking organizations identified as compromising telecommunications systems across the Asia-Pacific region in reports last summer.