In August 2024, U.S. authorities carried out a significant operation to disrupt the activities of Twill Typhoon, a Chinese state-backed hacking group also known as "Mustang Panda." The group, notorious for compromising the systems of government and humanitarian organizations across Africa, Europe, and beyond, was accused by the U.S. Justice Department of developing and deploying the PlugX malware. The operation removed the malware from over 4,200 infected computers in the United States.
Twill Typhoon, previously referred to as "Tantalum," is one of a broader set of Chinese state-sponsored hacking groups tracked under Typhoon monikers. The group has been under scrutiny for its cyber espionage activities and has used PlugX malware since 2014, with the FBI's initial observations dating back to 2012. French authorities have classified PlugX as an espionage tool; it has infiltrated millions of computers worldwide, including 3,000 in France alone.
The group’s operations involved infiltrating systems of both government and private enterprises globally, including notable instances within the United States. Once inside, the malware collected and staged victims' computer files for subsequent exfiltration. The sophistication and scale of these operations underscored the need for international collaboration to curb such threats.
In a court-authorized operation spearheaded by French authorities in collaboration with Paris-based cybersecurity firm Sekoia, U.S. and French teams coordinated efforts to dismantle Twill Typhoon’s malicious infrastructure. This decisive action was a significant step in countering the pervasive reach of Chinese state-backed cyber actors.