
The FBI confirmed that it deleted files from 4,258 computers in the United States

Update from January 16, 2025. This story, originally published on January 15th, now includes analysis from a threat operations expert on the FBI’s PlugX remote malware removal.

The threat of a cyber attack is never far away, whether it comes from the Amazon ransomware attack whose victims cannot recover their data, from Windows zero-day exploits, or even from a malicious USB-C port for the iPhone. Fortunately, the FBI is never far away either, warning about such attacks and hacker threats. But eyebrows will no doubt be raised now that the FBI and the Justice Department have confirmed that thousands of US computers and networks were accessed in order to remotely delete malware files. Here’s what you need to know.


Court-sanctioned FBI operation remotely removed PlugX malware from 4,258 US computers

The US Department of Justice and the FBI confirmed that a court-sanctioned operation allowed the remote removal of malware files from 4,258 computers in the US. According to a statement dated January 14, the operation targeted a variant of the PlugX malware used by what are said to be China-backed threat actors, and was designed to eliminate a version of PlugX used by a group known as Mustang Panda or Twill Typhoon that is capable of controlling infected computers to steal information.

According to court documents, the Justice Department said the government of the People’s Republic of China “paid the Mustang Panda group to develop this particular version of PlugX,” which has been in use since 2014 and infiltrated thousands of computer systems in campaigns targeting U.S. victims.

“The FBI acted to protect US computers from further compromise by state-sponsored hackers in the PRC,” said Brian Vorndran, assistant director of the FBI’s cyber division, adding that the announcement “reaffirms the FBI’s commitment to protecting the American people using its full range of capabilities, legal powers and technical expertise to counter nation-state cyber threats.”

Thousands of US computers and networks, estimated by the Justice Department at 4,258, were identified by the FBI during a technical operation to remotely detect and remove the malware. The first of nine warrants was obtained in August 2024 in the Eastern District of Pennsylvania, allowing the removal of PlugX from computers in the United States; the last of these expired on January 3. “The FBI tested the commands, confirmed their effectiveness, and determined that they did not otherwise affect the legitimate functions of the infected computers or collect information about their content,” the statement said.


Security and threat operations experts talk about the FBI’s PlugX takedown

“The FBI’s coordinated effort with French authorities to disrupt PlugX demonstrates the power of international cooperation in the fight against cyber threats,” said Chris Henderson, senior director of threat management at Huntress. “By gaining control of the malware’s command and control server and using its native self-removal feature, they successfully removed a significant threat from thousands of infected machines.” Henderson also noted that the careful planning carried out before the actual removal of the files, including “adding an affidavit of assessment of the potential effects of the patch,” emphasized the importance of ensuring that such actions did not inadvertently harm the target systems.