US dismantles China-backed malware infecting thousands of computers

Investigators believe a China-backed hacking group developed malware used in cyber espionage.

The US Justice Department has removed malware from over 4,200 computers worldwide in an operation targeting a hacking group linked to the Chinese government. The malware, known as ‘PlugX,’ was used to steal information and compromise systems across the United States, Europe, and Asia. Investigators identified the cybercriminals behind the attack as ‘Mustang Panda’ and ‘Twill Typhoon,’ groups believed to have received financial support from China.

Court documents filed in the US District Court for the Eastern District of Pennsylvania allege that the Chinese government paid Mustang Panda to develop PlugX. The malware has been active since at least 2014 and was used to target not only governments and businesses but also Chinese political dissidents. Officials described the operation as a critical step in neutralising cyber threats backed by foreign states.

Authorities emphasised the growing risks posed by state-sponsored hacking groups and their ability to infiltrate global networks. The Justice Department remains committed to dismantling cyber threats and preventing adversaries from exploiting sensitive information. The scale of the attack highlights the persistent threat of cyber espionage and the need for international cooperation in addressing cybersecurity challenges.