this post was submitted on 16 Jan 2025
19 points (100.0% liked)


According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct. Then, the FBI gained access to the hackers’ command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX. Then it sent a command via the server that causes PlugX to delete itself from its victims’ computers.


The title is a bit click-baity as it implies the FBI did it directly to said computers.
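The quoted article describes the defender-side view of a botnet takedown: infected machines are identified by their repeated contacts with the command-and-control server. The script below is an added example, not code from the post or the linked article, showing how an incident responder would scope the same thing from their own side using connection logs and a known C2 indicator: which internal hosts talked to the C2 address, over what period, how often, and whether the contacts look like periodic beaconing. The log format, the internal addresses and the C2 address (a documentation-range placeholder, not a real PlugX server) are all constructed for the example.

```python
"""Scope hosts that contacted a known C2 indicator from connection logs.

Added example: log format, host addresses and the indicator are constructed;
203.0.113.45 is a placeholder (RFC 5737 documentation range), not a real C2.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed indicator set (placeholder, not a real PlugX C2 address).
C2_INDICATORS = {"203.0.113.45"}

# Constructed firewall/netflow-style lines: timestamp, then key=value fields.
SAMPLE_LOGS = """\
2025-01-10T08:00:02Z src=10.0.1.20 dst=203.0.113.45 dport=443 action=allow
2025-01-10T08:30:01Z src=10.0.1.20 dst=203.0.113.45 dport=443 action=allow
2025-01-10T09:00:03Z src=10.0.1.20 dst=203.0.113.45 dport=443 action=allow
2025-01-10T09:30:00Z src=10.0.1.20 dst=203.0.113.45 dport=443 action=allow
2025-01-10T08:12:44Z src=10.0.1.21 dst=198.51.100.7 dport=443 action=allow
2025-01-10T10:45:19Z src=10.0.1.22 dst=203.0.113.45 dport=443 action=allow
2025-01-11T10:44:58Z src=10.0.1.22 dst=203.0.113.45 dport=443 action=allow
"""


def parse_line(line):
    """Split one log line into a dict; the timestamp becomes a datetime under 'ts'."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return fields


def c2_contacts(log_text, indicators=C2_INDICATORS):
    """Map each internal source host to the sorted timestamps of its contacts with an indicator."""
    contacts = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["dst"] in indicators:
            contacts[rec["src"]].append(rec["ts"])
    return {src: sorted(ts) for src, ts in contacts.items()}


def summarize(contacts, jitter_tolerance=0.1):
    """Per host: first/last seen, contact count, median interval, and a beaconing flag.

    A host is flagged as beaconing when it has at least two intervals between
    contacts and every interval is within jitter_tolerance of the median interval.
    """
    out = {}
    for src, ts in contacts.items():
        gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
        beaconing = False
        if len(gaps) >= 2:
            med = median(gaps)
            beaconing = all(abs(g - med) <= jitter_tolerance * med for g in gaps)
        out[src] = {
            "first_seen": ts[0],
            "last_seen": ts[-1],
            "count": len(ts),
            "median_interval_s": median(gaps) if gaps else None,
            "beaconing": beaconing,
        }
    return out


if __name__ == "__main__":
    for host, info in sorted(summarize(c2_contacts(SAMPLE_LOGS)).items()):
        print(host, info)
```

Run against real logs, the output is the list of hosts to isolate and reimage; the beaconing flag separates the half-hourly check-ins of an implant (10.0.1.20 here) from a host that merely touched the address twice a day apart (10.0.1.22), which still needs a look but is a weaker signal.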

1 comment

[email protected] 5 points 5 days ago

In a way, the FBI did, but your point about click bait is still valid.

By compromising the Command-and-Control server of the malware, they were able to have it direct clients to uninstall.

This does make me think about meanings of such things in today's deeply-interconnected world. For example, when a corporate admin tells their software management system to install/uninstall apps from machines, isn't that the same thing? (A bit rhetorical, more of something to think about, since I don't have a good answer to this).