July 27, 2024 at 03:00AM
French authorities, with support from Europol, have initiated a “disinfection operation” to remove the PlugX malware from compromised hosts. The effort, which started in France and extends to other countries, follows a cybersecurity firm’s disclosure and targets the remote access trojan’s widespread footprint. This cooperative action is intended to curb long-standing cyber threats.
Key takeaways from the meeting notes:
– French judicial authorities, with the help of Europol, have launched a large-scale “disinfection operation” to remove the PlugX malware from compromised hosts in several countries.
– The operation started on July 18 and is expected to continue for several months, with over a hundred victims already benefiting from cleanup efforts in France, Malta, Portugal, Croatia, Slovakia, and Austria.
– Sekoia, a French cybersecurity firm, played a critical role in sinkholing a command-and-control server linked to PlugX and has developed a disinfection solution in collaboration with Europol.
– The PlugX trojan, widely used by China-associated threat actors since 2008, relies on DLL side-loading to gain execution and then lets operators run arbitrary commands, upload and download files, and harvest sensitive data on compromised hosts.
– Sekoia has devised a solution to delete PlugX, including variants with a wormable component that spreads via infected USB drives and can therefore reach air-gapped networks, and has left the decision on whether to remove the malware to national CERTs, law enforcement agencies, and cybersecurity authorities.
– The cooperation between French and international authorities, including Europol and the police forces of third countries, shows what a coordinated effort against long-running malicious cyber activity can achieve.
These takeaways highlight the significant international collaboration involved in combating the PlugX malware and the complexity of the technical and legal challenges associated with its eradication.