FBI hacked thousands of computers. Here is why
The FBI has recently conducted a large-scale operation to hack approximately 4,200 computers across the United States, targeting the removal of PlugX, a malware linked to Chinese state-backed hacking groups, according to the US Department of Justice.
The operation aimed to eliminate a cyber threat from the China-based hacking groups known as "Mustang Panda" and "Twill Typhoon", which have used PlugX to infect thousands of Windows computers in the US, Asia, and Europe since at least 2012, the FBI said in an unsealed affidavit.
PlugX, a tool widely used by hacking groups, spreads by infecting systems through USB ports, allowing hackers to remotely access and execute commands on the compromised machines. Once installed, the malware establishes contact with a command-and-control server, which lets the attackers retrieve files, gather information about the infected computers, and maintain control over the devices.
According to the FBI, at least 45,000 IP addresses in the United States have communicated with the server since September 2023.
The FBI, in collaboration with French law enforcement and Sekoia.io, a France-based private cybersecurity company, dismantled the PlugX network by targeting its command-and-control server. After gaining access, the agency obtained a list of infected devices and remotely issued commands to delete the malware from victims' systems. This involved halting PlugX processes and erasing the related files.
This is not the first time the FBI has used remote hacking to neutralise cyber threats. Previously, the agency dismantled the Qakbot malware network by deploying software to uninstall the malware from infected systems. Similarly, in 2021, the FBI remotely hacked hundreds of computers to protect them from the Hafnium exploit, another cyber attack.