PlugX worm disinfection campaign feedbacks
ID: efb88433-0899-554b-a124-d95d5b59fa63
STIX ID: report--efb88433-0899-554b-a124-d95d5b59fa63
Feed Name: Sekoia.io Blog
Sekoia.io TDR describes taking control of a PlugX worm C2 IP, then developing a sinkhole and an ergonomic disinfection portal to enable "sovereign disinfection." In coordination with the Paris Public Prosecutor’s Office and the French Gendarmerie National Cyber Unit, the team executed a campaign in which the non-intrusive self-delete disinfection payload was delivered 59,475 times to 5,539 IPs at the request of multiple countries. The report outlines the technical approach, legal constraints, and outcomes of the operation.
