
DOJ deletes China-linked PlugX malware off more than 4,200 US computers

Threat Actors: Mustang Panda (a.k.a. BASIN, Bronze President, etc.), linked to China's Ministry of State Security.
Campaign Overview: The FBI and DOJ removed PlugX malware from over 4,200 infected U.S. computers in a court-authorized operation.
Target Regions (Victims): U.S., European, and Asian nations; Indo-Pacific countries; Belt and Road Initiative participants.
Methodology: Deployment of PlugX via USB drives, propagation across networks, and command-and-control (C2) server management.
Product Targeted: Windows-based systems.
Malware Reference: PlugX (a.k.a. Korplug), a Remote Access Trojan (RAT).
Tools Used: PlugX malware, USB propagation, C2 infrastructure, PlugX builder interface.
Vulnerabilities Exploited: Weak USB device controls, insufficient endpoint defenses, unmonitored network propagation.
TTPs: Espionage, lateral movement, persistence via backdoors, file exfiltration, and data theft.
Attribution: PRC state-sponsored hacking, particularly Mustang Panda.
Recommendations: Implement strict USB device policies, deploy robust endpoint protection, monitor C2 communication patterns, and enforce legal frameworks for malware disinfection.
Source: The Record

Read full article: https://therecord.media/doj-deletes-china-linked-plugx-malware

The above summary has been generated by an AI language model


Source: The Record

Published on: January 15, 2025
