The US Federal Bureau of Investigation says that FIN7, an infamous cybercrime group that is behind the Darkside and BlackMatter ransomware operations, has sent malicious USB devices to US companies over the past few months in the hopes of infecting their systems with malware and carrying out future attacks.
“Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries,” the Bureau said in a security alert sent yesterday to US organizations.
“The packages were sent using the United States Postal Service and United Parcel Service,” the agency added.
“There are two variations of packages—those imitating HHS [US Department of Health and Human Services] are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”
In both cases, the packages contained LilyGO-branded USB devices.
The USB drives were used to carry out so-called ‘BadUSB’ attacks. They were sent in the mail through the United States Postal Service and United Parcel Service. One type contained a message impersonating the US Department of Health and Human Services and claimed to be a COVID-19 warning. Other malicious USBs were sent in the post with a gift card claiming to be from Amazon.
The USB drives were configured to register as a keyboard device after being plugged in. They then injected keystrokes into the target PC to install malware. Numerous attack tools were installed that allowed for exploitation of PCs, lateral movement across a network, and installation of additional malware.
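As an added defender-side example (not part of the FBI alert or the articles cited below), the following Python checker reads Linux kernel log lines and flags a hot-plugged device that enumerates as a keyboard without being on an allowlist, or that presents both a mass-storage and a keyboard interface, which is the “thumb drive that types” pattern described above. The log excerpt, vendor/product IDs and allowlist are constructed for illustration.

```python
import re

# Constructed sample kernel log excerpt (not real captured output): a trusted
# keyboard present at boot, then a hot-plugged device that enumerates as both
# mass storage and a HID keyboard, the BadUSB pattern described in the article.
SAMPLE_DMESG = """\
[    2.101000] usb 1-3: New USB device found, idVendor=aaaa, idProduct=0001, bcdDevice= 1.10
[    2.201000] hid-generic 0003:AAAA:0001.0001: input,hidraw0: USB HID v1.10 Keyboard [Office Keyboard] on usb-0000:00:14.0-3/input0
[ 8812.400000] usb 1-1.2: New USB device found, idVendor=bbbb, idProduct=0002, bcdDevice= 1.00
[ 8812.510000] usb-storage 1-1.2:1.1: USB Mass Storage device detected
[ 8812.620000] hid-generic 0003:BBBB:0002.0004: input,hidraw3: USB HID v1.11 Keyboard [USB DISK] on usb-0000:00:14.0-1.2/input0
"""

# Constructed allowlist of known-good keyboards, as lowercase "vid:pid".
KEYBOARD_ALLOWLIST = {"aaaa:0001"}

# dmesg prints idVendor/idProduct in lowercase hex; hid-generic prints them uppercase.
NEW_DEV = re.compile(r"\] usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
STORAGE = re.compile(r"\] usb-storage (\S+?):\d+\.\d+: USB Mass Storage device detected")
KEYBOARD = re.compile(r"\] hid-generic 0003:([0-9A-F]{4}):([0-9A-F]{4})\.\w+: .*? Keyboard \[(.*?)\]")

def find_rogue_keyboards(log: str, allowlist=KEYBOARD_ALLOWLIST):
    """Return (vid:pid, product name, reasons) for HID keyboards worth investigating."""
    devices = {}  # "vid:pid" -> {"path", "storage", "keyboard", "name"}
    for line in log.splitlines():
        if m := NEW_DEV.search(line):
            path, vid, pid = m.groups()
            devices[f"{vid}:{pid}"] = {"path": path, "storage": False, "keyboard": False, "name": ""}
        elif m := STORAGE.search(line):
            # usb-storage logs "<bus path>:<config>.<interface>"; match on the bus path.
            for dev in devices.values():
                if dev["path"] == m.group(1):
                    dev["storage"] = True
        elif m := KEYBOARD.search(line):
            key = f"{m.group(1)}:{m.group(2)}".lower()
            if key in devices:
                devices[key].update(keyboard=True, name=m.group(3))
    findings = []
    for key, dev in devices.items():
        if not dev["keyboard"]:
            continue
        reasons = []
        if key not in allowlist:
            reasons.append("keyboard not in allowlist")
        if dev["storage"]:
            reasons.append("composite: mass storage device also presents a keyboard interface")
        if reasons:
            findings.append((key, dev["name"], reasons))
    return findings

if __name__ == "__main__":
    for vidpid, name, reasons in find_rogue_keyboards(SAMPLE_DMESG):
        print(f"ALERT {vidpid} [{name}]: " + "; ".join(reasons))
```

On a live host the same function can be fed `journalctl -k` or `dmesg` output; an allowlisted keyboard that suddenly also presents mass storage still gets flagged, since the composite check does not depend on the allowlist.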
So be careful and never assume an unknown USB or Bluetooth device is safe.
Ransomware is alive and well targeting everyone.
To learn more about reactive and proactive solutions for protecting your data, contact H-11 Digital Forensics and our partner LIFARS. LIFARS has become a global leader in digital forensics and cyber resiliency services, with team members located across North America and Europe. Named a top 20 cybersecurity company in New York and a top 500 cybersecurity company globally, LIFARS has achieved immense market recognition and success.
References: HackRead; ZDNet; and The Record