FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

Threat Actors: Mustang Panda (a.k.a. BASIN, Bronze President, Earth Preta, RedDelta, TA416, etc.), a PRC state-sponsored group.
Campaign Overview: A multi-month, FBI-led operation removed PlugX malware from 4,250 infected devices, disrupting PRC-linked hacking activity.
Target Regions (Victims): Governments and businesses in the U.S., Europe and Asia, Chinese dissidents, and organisations in other countries, including Taiwan, Hong Kong, Japan, South Korea, Mongolia and India.
Methodology: Deployment of PlugX via infected USB devices, beaconing to attacker-controlled servers, and persistence through registry keys and on-disk directories.
Product Targeted: Windows-based computers.
Malware Reference: PlugX (a.k.a. Korplug).
Tools Used: Remote Access Trojan (RAT), USB propagation, attacker-controlled command-and-control servers.
Vulnerabilities Exploited: No software vulnerability is cited; the variant relies on infected USB devices for initial access, so the weaknesses are procedural: weak removable-media controls and a lack of robust endpoint protection.
TTPs: Information theft, persistence through registry keys, propagation to further hosts via infected USB devices, execution of commands received from remote servers.
Attribution: People's Republic of China (PRC)-linked Mustang Panda group.
Recommendations: Strengthen USB device policies (e.g. disable AutoRun and restrict execution from removable media), implement endpoint protection, monitor for anomalous registry and network activity, and promptly remove PlugX artifacts (process, files, registry keys, directories) from infected hosts.
Source: The Hacker News

Read full article: https://thehackernews.com/2025/01/fbi-deletes-plugx-malware-from-4250.html

The above summary has been generated by an AI language model
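The USB-propagation and registry-persistence points in the summary are what a host-level check would target. The PowerShell below is an added example written for this page, not code from the article or from any FBI or DOJ tooling. It records the removable-media policy state, sets the two registry values that back the "disable AutoRun" and "Removable Disks: Deny execute access" policies, and lists Run/RunOnce autostart entries whose target sits on a removable drive or in a user-writable directory, is missing, or is not validly signed. The list of Run keys, the "user-writable" directory list and the policy registry paths are this example's own choices (confirm the policy paths against your own GPO baseline); no PlugX-specific file or registry names are included because the summary does not give them.

```powershell
# Added example, not from the article: audit and harden a Windows host against the
# two behaviours summarised above (USB spread, registry-key persistence).
# Run in an elevated session; Set-RemovableMediaHardening supports -WhatIf.

# Assumed registry backing of the two policies (example's own choice):
#  - NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type.
#  - Deny_Execute = 1 under the Removable Disks device-class GUID backs the GPO
#    "Removable Disks: Deny execute access".
$AutoRunKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$DenyExecKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices\{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'

function Get-RemovableMediaPolicy {
    # Capture the current state before changing anything.
    $autoRun  = (Get-ItemProperty -Path $AutoRunKey  -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
    $denyExec = (Get-ItemProperty -Path $DenyExecKey -Name Deny_Execute       -ErrorAction SilentlyContinue).Deny_Execute
    [pscustomobject]@{
        NoDriveTypeAutoRun = $autoRun
        DenyExecuteOnUSB   = $denyExec
        Hardened           = ($autoRun -eq 0xFF) -and ($denyExec -eq 1)
    }
}

function Set-RemovableMediaHardening {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($k in $AutoRunKey, $DenyExecKey) {
        if (-not (Test-Path $k)) { New-Item -Path $k -Force | Out-Null }
    }
    if ($PSCmdlet.ShouldProcess($AutoRunKey, 'Set NoDriveTypeAutoRun=0xFF')) {
        Set-ItemProperty -Path $AutoRunKey -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
    }
    if ($PSCmdlet.ShouldProcess($DenyExecKey, 'Set Deny_Execute=1')) {
        Set-ItemProperty -Path $DenyExecKey -Name Deny_Execute -Value 1 -Type DWord
    }
}

# Autostart locations checked (example's own list; extend for services, tasks, etc.).
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Directories a standard user can write to; an autostart pointing here deserves a look.
$UserWritable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData, $env:PUBLIC) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Get-AutorunExecutable([string]$Command) {
    # First token of the command line (quoted or bare), %VARS% expanded, PATH resolved.
    $m   = [regex]::Match($Command, '^\s*(?:"([^"]+)"|(\S+))')
    $exe = if ($m.Groups[1].Success) { $m.Groups[1].Value } else { $m.Groups[2].Value }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -and -not [System.IO.Path]::IsPathRooted($exe)) {
        $resolved = (Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue | Select-Object -First 1).Source
        if ($resolved) { $exe = $resolved }
    }
    $exe
}

function Get-SuspiciousAutoruns {
    # DriveType 2 = removable disk; prefixes look like 'E:\'.
    $removable = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object { $_.DeviceID + '\' })
    foreach ($key in $RunKeys) {
        $item = Get-Item -Path $key -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($name in $item.GetValueNames()) {
            $cmd = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $exe = Get-AutorunExecutable $cmd
            $reasons = @()
            if ([string]::IsNullOrWhiteSpace($exe)) {
                $reasons += 'empty command'
            } else {
                if ($removable   | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }) { $reasons += 'starts from removable drive' }
                if ($UserWritable | Where-Object { $exe.StartsWith($_, 'OrdinalIgnoreCase') }) { $reasons += 'starts from user-writable directory' }
                if (-not (Test-Path -LiteralPath $exe)) {
                    $reasons += 'target missing'
                } elseif ((Get-AuthenticodeSignature -FilePath $exe).Status -ne 'Valid') {
                    $reasons += 'not validly signed'
                }
            }
            if ($reasons) {
                [pscustomobject]@{ Key = $key; Name = $name; Command = $cmd; Executable = $exe; Reasons = ($reasons -join '; ') }
            }
        }
    }
}

# Usage: baseline the policy, hunt, then harden (drop -WhatIf to apply).
Get-RemovableMediaPolicy
Get-SuspiciousAutoruns | Format-Table -AutoSize
Set-RemovableMediaHardening -WhatIf
```

Flagged entries are leads for manual triage, not verdicts: legitimate unsigned updaters in AppData will appear alongside anything malicious, and the script does not know PlugX's actual artifact names. Pair it with the network side of the recommendation (beaconing to unknown external hosts from the flagged process) before declaring a host clean or compromised.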


Source: The Hacker News

Published on: January 15, 2025
