Global Campaign Targets PlugX Malware with Innovative Portal

A groundbreaking malware disinfection campaign targeting the PlugX worm has been executed with the collaboration of international authorities.
Led by the Sekoia Threat Detection & Research team, the operation disinfected compromised systems across multiple countries.
The PlugX worm, often linked to Mustang Panda, can spread through infected flash drives, making it highly pervasive. After gaining control of a key command-and-control (C2) server in 2023, Sekoia researchers Charles Meslay and Félix Aimé analyzed the malware and proposed two potential disinfection methods.
These included a self-delete command and a more advanced code execution method to clean systems and connected drives. The campaign primarily employed the simpler, less intrusive approach to mitigate risks.
Responding to a public call for assistance, 34 countries requested sinkhole logs to identify compromised networks, while 22 expressed an interest in active disinfection.
Ultimately, disinfection operations were carried out in ten countries under the supervision of the Paris Public Prosecutor’s Office and the French Gendarmerie National Cyber Unit.
Disinfection Interface for Global Use
To streamline operations, Sekoia developed a dedicated disinfection portal in just one week. This platform allowed participating nations to log in, access detailed statistics about infected assets and initiate disinfection campaigns by selecting specific networks or IP ranges.
The process ensured minimal disruption. If an IP address matched predefined criteria, the sinkhole sent a small disinfection payload and logged the operation.
Throughout the campaign, 59,475 payloads were sent to 5,539 IP addresses.
Legal and Technical Challenges
While technically straightforward, the campaign underscored significant legal complexities. The active involvement of law enforcement and judicial authorities was crucial to maintaining compliance with international laws.
This collaboration also set a precedent for future disinfection efforts, showcasing the potential of sovereign cybersecurity partnerships.