French police push PlugX malware self-destruct payload to clean PCs

July 25, 2024 at 11:26AM

French police, with support from Europol and security firm Sekoia, are removing the PlugX malware from infected devices in France and other European countries. The operation, prompted by concern over the upcoming Paris 2024 Olympic Games, started on July 18, 2024, and is expected to continue until late 2024. ANSSI will notify individual victims in France about the clean-up process.

From the meeting notes, it is evident that a dedicated effort is underway to tackle the PlugX malware infections in France and several other countries. The collaboration involves the French police, Europol, cybersecurity firm Sekoia, and other stakeholders.

Key takeaways from the meeting notes include:

– The Center for the Fight Against Digital Crime (C3N) of the National Gendarmerie, with the assistance of Sekoia, is conducting an operation to remove the PlugX malware from infected devices in France and other countries.

– Sekoia had previously sinkholed a command and control server for a widely distributed PlugX variant last April, indicating their expertise and involvement in combating this malware.

– A significant number of devices (3,000 systems in France, as well as in Malta, Portugal, Croatia, Slovakia, and Austria) have been identified as infected with PlugX.

– The operation to remove the malware began on July 18, 2024, and is expected to continue for several months, possibly concluding in late 2024.

– The National Agency for the Security of Information Systems (ANSSI) will individually notify victims in France about the clean-up process and its implications.

– Stakeholders are also advised to be cautious about using USB sticks in systems that receive many physical connections and to scan their devices afterward.

– The development and deployment of the disinfection solution involve legal considerations, as indicated by Sekoia’s decision to defer the decision on disinfection to national Computer Emergency Response Teams (CERTs), Law Enforcement Agencies (LEAs), and cybersecurity authorities in their April report.

– The approach to clean infected USB drives is considered risky, as it could damage legitimate files and media.

Overall, the proactive efforts and collaboration between law enforcement, cybersecurity authorities, and security firms in addressing the PlugX malware infections are commendable, with a structured approach that respects legal boundaries and seeks to protect sensitive data.