The U.S. Department of Justice has revealed that the FBI successfully removed the Chinese PlugX malware from over 4,200 infected computers across the United States.

The operation targeted the PlugX malware, linked to the Chinese cyber-espionage group Mustang Panda (also known as Twill Typhoon). This sophisticated malware spread rapidly using a wormable component via USB drives, infecting thousands of systems globally.

According to court records, victims of this malicious campaign included European shipping companies, several European governments, global Chinese dissident groups, and governments across the Indo-Pacific region. Targets spanned countries such as Taiwan, Hong Kong, Japan, South Korea, and India, among others. Once PlugX infiltrated a system, it created registry keys to maintain persistence, ensuring the malware was reactivated every time the computer started—often without the victim’s awareness.


This major operation, authorized by U.S. courts, was part of a global takedown led by French law enforcement and the cybersecurity firm Sekoia. It began in July 2024 when French authorities and Europol removed the malware from devices in France. By August 2024, the Justice Department and FBI had secured nine warrants to clean infected U.S. systems, and the work concluded in January 2025. In total, over 4,258 U.S.-based computers were disinfected. The FBI’s commands to the infected machines deleted the malware files, registry keys, and associated directories, ensuring complete removal without compromising user data.

PlugX, active since 2008, is notorious for enabling cyber espionage and remote access. It has been linked to attacks on government, defense, and political organizations worldwide. A variant of PlugX was previously tracked by Sekoia, revealing a botnet that connected over 2.5 million devices from 170 countries. The malware’s leaked source code in 2015 has made attribution challenging, as it has been updated and used by multiple threat actors.
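The article notes that PlugX persisted through registry keys that relaunched it at every boot. The following PowerShell script is an added example, not part of the article and not tied to the specific keys used by PlugX (which the article does not name); it audits the common Run and RunOnce autostart keys and flags any entry whose executable lives in a user-writable directory or no longer exists on disk. The key list and the list of suspicious directories are assumptions chosen as a generic baseline.

```powershell
# Added example (not from the article): audit common autostart registry keys
# and flag entries that point into user-writable locations or to missing files.
# The key list below is a generic baseline (assumption), not the PlugX keys.
$autostartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Directories from which an autostart entry is treated as suspicious (assumption).
$suspiciousRoots = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:PUBLIC, $env:ProgramData) |
    Where-Object { $_ }

# Metadata properties that Get-ItemProperty attaches to every key; not real values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-AutostartFindings {
    foreach ($key in $autostartKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $cmd = [string]$p.Value
            # Extract the executable: a quoted path, or the first whitespace-delimited token.
            if ($cmd -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($cmd.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $reasons = @()
            foreach ($root in $suspiciousRoots) {
                if ($exe.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $reasons += "runs from user-writable path $root"
                }
            }
            if ($exe -and -not (Test-Path -LiteralPath $exe)) {
                $reasons += 'executable not found on disk'
            }

            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Command    = $cmd
                Executable = $exe
                Suspicious = ($reasons.Count -gt 0)
                Reason     = ($reasons -join '; ')
            }
        }
    }
}

Get-AutostartFindings | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys are readable. A flagged entry is a lead, not a verdict: compare it against the software inventory and the file's publisher signature before removing anything, and extend the key list with the other autostart locations your environment monitors (services, scheduled tasks, Winlogon) for fuller coverage.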
