The US Federal Bureau of Investigation (FBI) has warned about the activities of the hacking group FIN7, which mails flash drives loaded with malicious software. The main targets are companies operating in the fields of defense, transport and insurance. The criminals hope that employees will be trusting enough to plug the flash drives into their computers, creating an opening for a ransomware attack or the deployment of other malicious software.
The attackers made sure their shipments looked harmless. In some cases, the packages were disguised as having been sent by the US Department of Health, with notes explaining that the drives contain important information about COVID-19 directives. In other cases, the package was dressed up as a gift from Amazon, complete with a decorative gift box containing a fraudulent thank-you letter, a fake gift card and the flash drive itself.
A gift full of malware
The campaign seems to have been running for at least a few months; investigators say they received the first reports of these activities in August last year. FIN7 is described as an extremely sophisticated cybercrime group that has allegedly stolen more than $1 billion through various hacking activities over its career. Among other things, it is associated with the DarkSide and BlackMatter ransomware.
The packages with malicious flash drives were shipped through the United States Postal Service and the United Parcel Service. In all cases, the box contained a LilyGO flash drive. When the recipient plugs the device into a computer, it registers itself with the operating system as a keyboard and automatically sends a series of preset keystrokes to the system.
These keystrokes trigger PowerShell commands that download and install various strains of malware, which then act as backdoors into the victim's network. In the cases investigated by the FBI, the cybercriminals gained administrative access and then attacked other systems within the local network.
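The attack described above relies on the operating system accepting the device as an ordinary keyboard, so one detection opportunity is the typing itself: a device that injects a preset script types far faster and more evenly than a human. The following script is an added example and is not code from the article or from any vendor product; it assumes an endpoint agent that logs key presses as (timestamp in ms, device id, key) and flags any device that sustains a long burst of keystrokes with sub-30 ms gaps. All event data below is constructed for the demonstration.

```python
"""Heuristic detector for keystroke injection by a USB device posing as a keyboard.

Assumptions (not from the article): an endpoint agent supplies key presses as
(timestamp_ms, device_id, key); a human typist rarely sustains 20 or more
consecutive keystrokes at intervals of 30 ms or less.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class KeyEvent:
    ts_ms: int      # timestamp of the key press in milliseconds
    device: str     # identifier of the input device that produced it
    key: str        # the character typed


@dataclass(frozen=True)
class InjectionAlert:
    device: str
    start_ms: int
    end_ms: int
    keystrokes: int
    mean_interval_ms: float
    preview: str    # first keys of the burst, for the analyst


def make_events(device: str, text: str, interval_ms: int, start_ms: int = 0) -> List[KeyEvent]:
    """Build a constructed keystroke stream with a fixed inter-key interval."""
    return [KeyEvent(start_ms + i * interval_ms, device, ch) for i, ch in enumerate(text)]


def detect_injection(events: Iterable[KeyEvent],
                     max_interval_ms: int = 30,
                     min_burst: int = 20) -> List[InjectionAlert]:
    """Return one alert per run of >= min_burst keystrokes from the same device
    in which every gap between consecutive key presses is <= max_interval_ms."""
    by_device: Dict[str, List[KeyEvent]] = {}
    for ev in events:
        by_device.setdefault(ev.device, []).append(ev)

    alerts: List[InjectionAlert] = []

    def flush(run: List[KeyEvent]) -> None:
        # A run is only suspicious once it is long enough to rule out a human typist.
        if len(run) >= min_burst:
            span = run[-1].ts_ms - run[0].ts_ms
            alerts.append(InjectionAlert(
                device=run[0].device,
                start_ms=run[0].ts_ms,
                end_ms=run[-1].ts_ms,
                keystrokes=len(run),
                mean_interval_ms=span / (len(run) - 1),
                preview="".join(e.key for e in run[:16]),
            ))

    for evs in by_device.values():
        evs.sort(key=lambda e: e.ts_ms)
        run = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            if cur.ts_ms - prev.ts_ms <= max_interval_ms:
                run.append(cur)          # still inside a machine-speed burst
            else:
                flush(run)               # gap too long: close the current run
                run = [cur]
        flush(run)
    return alerts


# Constructed sample: a person typing on the built-in keyboard at ~120 ms per key,
# followed by an unknown HID device injecting text at 8 ms per key.
SAMPLE_EVENTS: List[KeyEvent] = (
    make_events("KBD-builtin", "hello world, typed at a human pace", 120, start_ms=0)
    + make_events("USB-HID-unknown", "powershell <constructed placeholder>", 8, start_ms=5000)
)

if __name__ == "__main__":
    for alert in detect_injection(SAMPLE_EVENTS):
        print(f"{alert.device}: {alert.keystrokes} keys in "
              f"{alert.end_ms - alert.start_ms} ms "
              f"(mean {alert.mean_interval_ms:.1f} ms) -> {alert.preview!r}")
```

The thresholds are starting points to tune against your own telemetry; automation tools and macro keyboards used legitimately in the environment will need an allow-list by device identifier. Timing heuristics complement, rather than replace, a device-control policy that only admits keyboards whose vendor and product identifiers are already known.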
Do not connect unknown flash drives!
Although it may seem ridiculous that someone would plug an unknown flash drive into their computer, several studies have shown that this is exactly what many people do when the opportunity arises. That is why it is a popular trick to leave a flash drive with malicious content in a company's parking lot in the hope that an employee will pick it up and, out of curiosity, plug it into a company laptop. In 2008, an attack on the Pentagon was launched in this way.
The number of hacking attacks, data thefts and extortion attempts for financial gain has been growing for several decades. The best way to stay safe has been, is and will remain vigilance. This includes a simple rule: do not plug in flash drives from untrusted sources whose contents are unknown to you in advance.