Hackers send gifts with an infected USB drive

The US Federal Bureau of Investigation (FBI) has issued a warning about packages containing infected USB flash drives that are arriving at the addresses of US companies. The packages arrive as “a decorative gift box containing a fake thank you letter, gift card and USB”.

The FBI suspects that behind these packages is the infamous FIN7 group, which is responsible for the Darkside and BlackMatter ransomware attacks. The group has been sending such packages with infected USB devices to American companies for months, hoping to infect their systems with malware.

“Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US companies,” reads a warning sent by the FBI to US companies. The packages were sent through the United States Postal Service and UPS.

There are two types of packages: those allegedly sent by the US Department of Health, which are often accompanied by letters referring victims to COVID-19 guidelines on the USB drive, and those allegedly sent by Amazon, which arrive in a decorative box.

In both cases, the packages included USB devices with the LilyGO logo.

The FBI says that if recipients plugged the USB flash drives into their computers, the drives would carry out a BadUSB attack, in which the USB drive registers itself as a keyboard and sends a series of pre-configured automated keystrokes to the user’s computer. The keystrokes would launch PowerShell commands that download and install various malware, which would function as a backdoor for the attackers into victims’ networks.
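The behaviour described above (a newly attached device enumerating as a keyboard, followed within seconds by a shell starting) can be hunted for in endpoint logs. The following is an added example, not part of the FBI warning or the original article: the event records are constructed, their field names are a simplified hypothetical schema, and the 30-second window is an assumed threshold. The IDs 6416 and 4688 refer to the Windows Security events for a new external device and a new process.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema.
# 6416 = Windows Security "new external device recognized",
# 4688 = Windows Security "new process created".
EVENTS = [
    {"time": "2022-01-10T09:14:02", "host": "WS-017", "id": 6416,
     "device_class": "Keyboard", "device": "USB Input Device"},
    {"time": "2022-01-10T09:14:06", "host": "WS-017", "id": 4688,
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"time": "2022-01-10T11:30:00", "host": "WS-022", "id": 6416,
     "device_class": "DiskDrive", "device": "USB Mass Storage"},
    {"time": "2022-01-10T11:30:05", "host": "WS-022", "id": 4688,
     "process": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent": r"C:\Windows\explorer.exe"},
    {"time": "2022-01-10T13:00:00", "host": "WS-030", "id": 6416,
     "device_class": "Keyboard", "device": "USB Input Device"},
    {"time": "2022-01-10T13:20:00", "host": "WS-030", "id": 4688,
     "process": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

SHELLS = ("powershell.exe", "pwsh.exe", "cmd.exe")
WINDOW = timedelta(seconds=30)  # assumed threshold; tune per environment


def find_badusb_candidates(events, window=WINDOW):
    """Return (host, device_time, process) where a shell starts soon after
    a new keyboard-class device appears on the same host."""
    last_keyboard = {}  # host -> time the most recent keyboard was attached
    hits = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        if ev["id"] == 6416 and ev.get("device_class") == "Keyboard":
            last_keyboard[ev["host"]] = t
        elif ev["id"] == 4688:
            name = ev["process"].rsplit("\\", 1)[-1].lower()
            seen = last_keyboard.get(ev["host"])
            if name in SHELLS and seen is not None and t - seen <= window:
                hits.append((ev["host"], seen.isoformat(), name))
    return hits


if __name__ == "__main__":
    for hit in find_badusb_candidates(EVENTS):
        print(hit)
```

Only the first host is flagged: the second attaches a storage device rather than a keyboard, and on the third the shell starts 20 minutes after the keyboard appears, outside the window.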

In cases investigated by the FBI, the group gained administrative access and then hacked into other local systems.

“FIN7 used a variety of tools – including Metasploit, Cobalt Strike, PowerShell scripts, Carbanak, GRIFFON, DICELOADER, TIRION – and installed ransomware, including BlackMatter and REvil, on the compromised network,” the agency added.

This is the second FBI warning about USB devices that hackers from the FIN7 group send to American companies. The first was sent in March 2020, after security firm Trustwave announced details of a case in which one of its clients received an infected USB device as a gift from BestBuy.

Source: Informacija.rs by www.informacija.rs.
