U.S. officials have confirmed the disruption of a longstanding cybersecurity threat posed by a Chinese hacking group. The group, backed by state sponsors, had controlled millions of computers and hoarded data from them for years.
The operation to neutralize this espionage network, led in August 2024 by the U.S. Department of Justice and the FBI, removed malicious software installed by the targeted hackers, identified as “Twill Typhoon” or “Mustang Panda,” from countless U.S. computers.
Working with French authorities and the Paris-based cybersecurity company Sekoia, the operation focused on eradicating a malware family named “PlugX.” According to French prosecutors, this malware had infected millions of computers globally, 3,000 of them in France.
U.S. authorities said the operation cleaned over 4,200 infected computers in the United States. The malware has been known to the FBI since 2012 and has been used by Chinese hackers since 2014.
According to the FBI, the PlugX malware typically spreads via USB and stores the victim’s data for later extraction. French authorities highlight that the malware is used primarily for espionage.
The U.S. Justice Department has implicated the Chinese government, accusing it of paying Twill Typhoon to develop this malware. China continues to deny the allegations.
While the specific victims are undisclosed, the FBI asserts that Twill Typhoon has infiltrated numerous governmental and private organizations, including in the U.S. Among its targets were several European shipping companies, governments and Chinese dissident groups, as well as governments across the Indo-Pacific region.
Twill Typhoon is only one of a larger collective of Chinese state-sponsored hacking groups whose names carry the “Typhoon” suffix. Other notorious groups include Volt Typhoon and Salt Typhoon, the latter infamous for its cyber onslaught against U.S. telecoms.
Under the naming convention devised by Microsoft, Twill Typhoon, formerly known as “Tantalum,” has an established record of infiltrating the systems of government and humanitarian organizations globally.
Original source: Read the full article on TechCrunch