July 28, 2024 By Pierluigi Paganini
French authorities and Europol are conducting a “disinfection operation” targeting hosts compromised by the PlugX malware.
The French authorities, with the help of Europol, launched a “disinfection operation” on July 18, 2024, to clean hosts infected with the PlugX malware.
Following a report by the cybersecurity firm Sekoia.io, the Paris Public Prosecutor’s Office opened a preliminary investigation into a botnet involving millions of victims worldwide, including thousands of machines in France. According to the French authorities, the botnet was used for espionage purposes. The disinfection solution was distributed through Europol to the partner countries taking part in this international operation.
In September 2023, Sekoia researchers successfully sinkholed a C2 server linked to the PlugX malware. They identified the unique IP address tied to a variant of this worm and acquired it for $7.
“Almost four years after its initial launch, between ~90,000 to ~100,000 unique public IP addresses are still infected, sending distinctive PlugX requests daily to our sinkhole. We observed in 6 months of sinkholing more than 2.5M unique IPs connecting to it,” reads the report published by Sekoia.