Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers

January 15, 2025

The Justice Department and FBI today announced a multi-month law enforcement operation that, alongside international partners, deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s Republic of China (PRC), known to the private sector as “Mustang Panda” and “Twill Typhoon,” used a version of PlugX malware to infect, control, and steal information from victim computers.

According to court documents, the PRC government paid the Mustang Panda group to, among other computer intrusion services, develop this specific version of PlugX. Since at least 2014, Mustang Panda hackers then infiltrated thousands of computer systems in campaigns targeting U.S. victims, as well as European and Asian governments and businesses, and Chinese dissident groups. Despite previous cybersecurity reports, owners of computers still infected with PlugX are typically unaware of the infection. The court-authorized operation announced today remediated U.S.-based computers infected with Mustang Panda’s version of PlugX.

MCAC | Maryland Coordination and Analysis Center

Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers

MCAC (Maryland Coordination
and Analysis Center)

MCAC | Maryland Coordination and Analysis Center

MCAC (Maryland Coordination and Analysis Center)

MCAC (Maryland Coordination
and Analysis Center)