FBI Deletes PlugX Malware from Thousands of Computers - Schneier on Security (www.schneier.com)

submitted 4 months ago by 0x0@programming.dev to c/cybersecurity@sh.itjust.works

1 comments fedilink hide all child comments

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct. Then, the FBI gained access to the hackers’ command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX. Then it sent a command via the server that causes PlugX to delete itself from its victims’ computers.

The title is a bit blick-batey as it implies the FBI did it directly to said computers.

you are viewing a single comment's thread
view the rest of the comments

[-] Onomatopoeia@lemmy.cafe 5 points 4 months ago

In a way, the FBI did, but your point about click bait is still valid.

By compromising the Command-and-Control server of the malware, they were able to have it direct clients to uninstall.

This does make me think about meanings of such things in today's deeply-interconnected world. For example, when a corporate admin tells their software management system to install/uninstall apps from machines, isn't that the same thing? (A bit rhetorical, more of something to think about, since I don't have a good answer to this).

this post was submitted on 16 Jan 2025

20 points (100.0% liked)

Cybersecurity

7207 readers

95 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social