On the eve of the opening ceremony of the Paris Olympic Games, vigilance against cyberattacks is at its peak. For the past week, a vast “disinfection operation” has been underway, Paris prosecutor Laure Beccuau announced on Thursday, July 25. The goal? To neutralize software suspected of having claimed “several million victims worldwide.”
“On the eve of the opening of the Olympic Games, this operation demonstrates the vigilance of the various players, in France and abroad, mobilized to fight against all forms of cybercrime, including the most sophisticated,” argued the magistrate, while an investigation was opened at the Paris prosecutor’s office following a report from the cybersecurity company Sekoia. It was entrusted to the Center for the Fight against Digital Crimes of the National Gendarmerie (C3N).
Several victims released from custody
The investigation focuses in particular on a “botnet” suspected of having infected “victims’ machines” by implanting the PlugX malware, “a ‘RAT’ (Remote Access Trojan) type malicious software, via USB keys,” explains the prosecutor’s press release. “After infecting the machine, the software receives orders from a central server to execute arbitrary commands and seize data present on the system,” and this “in particular for espionage purposes,” Laure Beccuau further explains.
But according to the Paris prosecutor, analysts from the Sekoia company managed “to take possession of a command and control (C2) server at the head of a network of several million infected machines.” That feat allowed them to design a “technical solution” for disinfection, in conjunction with investigators. Launched on July 18, the operation “will continue for several months” in order “to remotely disinfect the machines that were victims of the botnet.”
Just a few hours after the start of the process, “a hundred victims” had reportedly already benefited from this disinfection, “mostly in France, but also in Malta, Portugal, Croatia, Slovakia and Austria,” the prosecutor noted with satisfaction. She gave assurances that “at the end of the operation, by the end of 2024, French victims will be individually notified by the National Agency for the Security of Information Systems (ANSSI).”