{"id":1381,"date":"2025-01-17T05:01:38","date_gmt":"2025-01-17T05:01:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/01\/17\/fbi-deletes-plugx-malware-from-thousands-of-computers-html\/"},"modified":"2025-01-17T05:01:38","modified_gmt":"2025-01-17T05:01:38","slug":"fbi-deletes-plugx-malware-from-thousands-of-computers-html","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/01\/17\/fbi-deletes-plugx-malware-from-thousands-of-computers-html\/","title":{"rendered":"FBI Deletes PlugX Malware from Thousands of Computers"},"content":{"rendered":"\n
FBI Deletes PlugX Malware from Thousands of Computers<\/div>\n

\t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

According to a DOJ press release<\/a>, the FBI was able to delete the Chinese-used PlugX malware from \u201capproximately 4,258 U.S.-based computers and networks.\u201d<\/p>\n

Details<\/a>:<\/p>\n

\n

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI<\/a>, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.<\/p>\n

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique<\/a> for getting PlugX to self-destruct. Then, the FBI gained access to the hackers\u2019 command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX. Then it sent a command via the server that causes PlugX to delete itself from its victims\u2019 computers.<\/p>\n<\/blockquote>\n<\/div>\n

\t

\n
<\/BR>
\n Bruce Schneier
\n \t

\n
<\/BR>
\nGo to bruce schneier<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

FBI Deletes PlugX Malware from Thousands of Computers According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from \u201capproximately 4,258 U.S.-based computers and networks.\u201d Details: To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[57,573,258,1],"tags":[87],"class_list":["post-1381","post","type-post","status-publish","format-standard","hentry","category-bruce-schneier","category-fbi","category-malware","category-uncategorized","tag-bruce-schneier"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1381"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=1381"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/1381\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=1381"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=1381"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=1381"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}