The Department of Justice stated that the Chinese government had paid the Mustang Panda group to develop this specific version of the malware. The FBI acted to neutralize the threat and prevent further compromise of U.S. systems. The FBI identified an estimated 4,258 infected computers and networks within the U.S. and, after obtaining nine separate warrants, remotely deleted the malware. The first warrant was secured in August 2024, and the final one expired on January 3rd. The FBI emphasized that it rigorously tested the deletion process to ensure it would not disrupt the legitimate functions of the affected computers or collect any personal data.

The deletion of the PlugX malware by the FBI was carried out remotely and generally without directly advising the affected companies or computer users beforehand. Here is why and how that was possible:

Court Authorization: The FBI obtained warrants from a court, which gave it the legal authority to access and modify the infected systems. This legal backing is crucial for such operations.

Targeting the Malware's Infrastructure: The operation did not involve directly hacking into each individual computer. Instead, the FBI, working with French authorities and the cybersecurity firm Sekoia.io, gained control of a command-and-control (C2) server used by the Mustang Panda group to communicate with the infected machines.

Leveraging the Malware's Own Functionality: The FBI then used the PlugX malware's own built-in "self-delete" mechanism. By sending specific commands to the C2 server, it instructed the malware to remove itself from the infected systems. This approach was less intrusive than directly accessing and modifying individual computers.

Limited Direct User Contact: Given the scale of the operation (over 4,000 computers), it would have been impractical to contact each affected user or company individually beforehand. The focus was on neutralizing the threat quickly and efficiently.

Security experts have weighed in on the operation. Chris Henderson, senior director of threat operations at Huntress, praised the international collaboration between the FBI and French agencies in disrupting the PlugX infrastructure. He also highlighted the careful planning involved, particularly the assessment of potential impacts before the deletion process, which ensured minimal disruption to the targeted systems. This operation underscores the ongoing efforts by law enforcement to combat state-sponsored cyber threats and protect individuals and organizations from malicious software.

Ep287