U.S. authorities have confirmed that they disrupted a Chinese state-backed hacking group that broke into millions of computers around the world and stole data as part of a years-long espionage campaign.
The Justice Department and FBI announced Tuesday that they had removed malware deployed by the Chinese-backed hacking group, referred to in court filings as Twill Typhoon or Mustang Panda, from thousands of infected systems across the United States. The operation was authorized in August 2024.
French authorities led the operation with support from Paris-based cybersecurity firm Sekoia. French prosecutors said in a press release last year that the malware, known as PlugX, had infected millions of computers worldwide, including 3,000 devices in France.
Sekoia said in a blog post that it has developed the ability to send commands to infected devices to remove the PlugX malware. US authorities said the operation was used to remove malware from more than 4,200 infected computers in the US.
In court records filed in federal court in Pennsylvania, the FBI said it had been monitoring the malware, which is typically installed on targeted devices through a computer's USB port, since early 2012, and that the malware was being used by a group backed by the Chinese government that has been active as a hacking operation since 2014.
Once installed, the malware continues to “collect and exfiltrate the victim's computer files,” according to the FBI. French authorities say the PlugX malware is “used specifically for espionage purposes.”
In a statement Tuesday, the U.S. Department of Justice accused the Chinese government of paying Twill Typhoon to develop the PlugX malware. China has long denied U.S. allegations of hacking.
Although the specific victims of the hacking campaign have not been disclosed, the FBI says Twill Typhoon infiltrated the systems of "numerous government and private organizations," including in the United States. The FBI said key targets included European shipping companies, multiple European governments, Chinese dissident groups, and various governments in the Indo-Pacific region.
Twill Typhoon joins a growing list of Chinese state-sponsored hacking groups known as Typhoons. The list includes Volt Typhoon, the Chinese government hacking group tasked with laying the groundwork for destructive cyberattacks, and Salt Typhoon, the Chinese-backed group responsible for large-scale hacks of U.S. phone and internet companies.
Twill Typhoon (previously known as "Tantalum") has a history of successfully compromising government agencies in Africa and Europe, as well as humanitarian organizations around the world, according to Microsoft, which developed the naming system for the hacking groups.
Microsoft did not immediately respond to TechCrunch's questions Tuesday.