French authorities have launched a major operation aimed at cleaning the country’s computer systems of malware that has reportedly infected thousands of users, allegedly for espionage purposes, just before the start of the Olympics. The operation, dubbed the “disinfection operation,” has been in progress for a week and is expected to continue for several months, as stated by the Paris prosecutor’s office in a recent announcement. While the authorities did not specifically mention a connection to the Olympics, the timing of the operation is noteworthy.

The investigation by French authorities focuses on a network of bots believed to have infected millions of victims worldwide, with at least 3,000 devices in France reportedly affected by the PlugX malware. The primary objective of this campaign is suspected to be espionage, with PlugX being an established remote access malware known to have been utilized by Chinese state-sponsored hacker groups since 2008. In a concerning development, in 2020, the China-linked hacker group Mustang Panda enhanced the malware by adding a capability that enabled it to spread through connected USB flash drives.

In April, cybersecurity firm Sekoia made a significant discovery by seizing a command and control server linked to PlugX and uncovering its presence in more than 170 countries worldwide. Following this discovery, Sekoia developed a technical solution to remotely disinfect the victim machines of the botnet, which France and other affected countries have now started to implement to cleanse their networks. The Paris prosecutor’s office reported that within hours of initiating the disinfection process, hundreds of victims had already been successfully cleaned across multiple countries, including France, Malta, Portugal, Croatia, Slovakia, and Austria.

The operation to clean the infected computer systems comes at a critical time for France, as they are gearing up to host the Olympics amidst heightened security concerns. French Prime Minister Gabriel Attal acknowledged the inevitability of cyberattacks on the games but assured that France is taking all necessary measures to mitigate their impact. In the lead-up to the Olympics, researchers had already observed an uptick in influence operations primarily attributed to Russia, along with potential threats of espionage, ransomware attacks, and disruptive activities.

However, the security challenges facing France ahead of the Olympics extend beyond cyber threats. On the eve of the opening ceremony, France’s high-speed railway network fell victim to coordinated “malicious acts,” including arson, leading to disruptions on several key lines to the west, north, and east of Paris. The French national rail company, SNCF, had to cancel multiple trains and issued warnings to travelers to avoid stations. The president of SNCF estimated that nearly 800,000 people would be impacted by the sabotage activities.

In light of these security concerns and the ongoing efforts to combat cyber threats, France remains vigilant and determined to safeguard the integrity of the Olympics and ensure the safety of all participants and spectators. The coordinated operation to disinfect the computer systems affected by malware demonstrates a proactive approach in addressing cybersecurity risks and underscores the collective efforts by various actors, both domestically and internationally, to combat sophisticated cybercrime activities. As the Olympics unfold, all eyes will be on France’s ability to navigate these challenges and deliver a successful and secure event for all involved.

Source link