FBI wipes Chinese PlugX malware from 4,200+ US Windows PCs
Briefly

According to the Feds, the People's Republic of China paid Mustang Panda to provide malware, including PlugX, among other computer intrusion services. The crew used a version of PlugX that allowed the miscreants to remotely access and control infected machines, steal files, and deploy additional malware.
Significant foreign targets include European shipping companies in 2024, several European governments from 2021 to 2023, worldwide Chinese dissident groups, and governments throughout the Indo-Pacific, American prosecutors noted.
The malware remains on the machine (maintains persistence), in part by creating registry keys that automatically run the PlugX application when the computer is started. Owners of computers infected by PlugX malware are typically unaware of the infection.
French law enforcement and Sekoia.io, a France-based private cybersecurity company, were able to pull the plug on PlugX and shut down the operation after Sekoia compromised the system behind the malware.
Read at Theregister