The FBI has unveiled details of a massive international cyberattack orchestrated by the Chinese hacker group Mustang Panda, which used the PlugX malware to compromise thousands of computers in at least 170 countries. According to the Justice Department, the group—described as “PRC state-sponsored hackers”—is funded by the Chinese government and has primarily targeted European government devices.
Since 2014, Mustang Panda has utilized PlugX malware to infiltrate government and business systems across the U.S., Europe, and Asia. The malware, initially designed to exploit Windows-based devices, was modified in 2020 to spread via USB flash drives. Thousands of devices, including many home computers in the U.S., have been infected.
In response, the FBI launched a “multi-month law enforcement operation” to eradicate the malware, following court-authorized warrants obtained in August 2024 to delete PlugX from infected U.S.-based computers.
The international response is being spearheaded by French authorities, who developed technology to remove PlugX from devices. Western allies continue to collaborate with the FBI to clear malware from both government and civilian systems, a process expected to take several months.