I’m going to start the show off with some really good news. The FBI hacked approximately four thousand two hundred computers across the United States to eliminate a malware known as PlugX, which has been utilized by state-sponsored hackers in China to steal sensitive information. The Department of Justice revealed this operation on January 14, 2025. PlugX has been infecting computers since at least 2012, primarily through USB ports, and allows hackers to remotely control infected machines. The FBI’s operation involved collaboration with French law enforcement, which also targeted PlugX infections. By accessing the hackers’ command-and-control server, the FBI was able to issue commands that removed the malware from victims’ computers.
Axios took a look at the LockBit takedown last year. It dealt a lasting blow to one of the most notorious cybercriminal organizations. The U.S. Justice Department reported that LockBit had attacked over two thousand five hundred organizations worldwide, including major corporations and a children’s hospital. Following their takedown, the gang is still struggling to regain its footing nearly a year later. Law enforcement not only seized their infrastructure but also took control of their dark web site, undermining their reputation in the cybercriminal community. Brett Leatherman from the FBI stated that their goal was to make LockBit “radioactive.” Recent estimates from the United Kingdom’s National Crime Agency revealed that one hundred ninety-four individuals utilized LockBit’s services before the takedown, with only sixty-nine being active at that time. As the gang plans to launch a new version of its ransomware, the landscape of cybercrime continues to evolve, raising concerns about future attacks.
Microsoft has filed a lawsuit against ten individuals involved in a hacking-as-a-service scheme, claiming they used breached Azure OpenAI services to generate malicious content between July and August. The defendants allegedly compromised devices and accounts by leveraging stolen application programming interface keys and employed a software tool to identify phrases flagged by Microsoft and OpenAI. Alongside the lawsuit, Microsoft obtained a temporary restraining order to seize the hackers’ domain, enabling the company to redirect communications for investigative analysis. A spokesperson stated that this action will help preserve evidence related to the infrastructure used by the defendants.
The Cybersecurity and Infrastructure Security Agency’s Cyber Hygiene service has seen a remarkable growth of 201% over the past two years, with nearly 7,800 critical infrastructure organizations enrolling between August 2022 and August 2024. The communications industry experienced the highest increase in enrollment, followed by emergency services, critical manufacturing, and water and wastewater sectors. This surge is linked to significant improvements in the agency’s cybersecurity performance goals, including reductions in exploitable services and known vulnerabilities. Despite these gains, operational technology protocols remain a concern, particularly in government services and facilities. The findings were reported by CyberScoop and underscore the growing influence of CISA initiatives on critical infrastructure sectors.
Why do we care?
For the IT service industry, this is a prime example of government intervention working to mitigate the fallout from advanced persistent threats (APTs). he FBI’s operation is a clear indication that governments are willing to take aggressive action to neutralize threats, even if it involves accessing private systems without explicit consent. This sets a precedent for how public and private organizations might work together in the future.
The FBI’s actions raise legitimate concerns about the boundaries of law enforcement accessing private systems, even with the intent to remove malware. How does this align with privacy rights, and how will customers respond if they feel their systems were “touched” without explicit consent?
The LockBit takedown serves as an example of how coordinated efforts can cripple ransomware-as-a-service (RaaS) operations. IT providers can leverage this story to educate clients about ransomware defense strategies, particularly the importance of offline backups, network segmentation, and employee training.
For Microsoft, this move reinforces its commitment to combatting cyber threats. For IT service providers, aligning with such vendors may reassure clients about the security of the tools they use. Lawsuits and restraining orders may disrupt specific groups, but they do little to address systemic vulnerabilities. IT providers cannot rely on legal interventions to protect their clients.
That said, the CISA data shows efforts do work.

