Recently the US Federal Bureau of Investigation (FBI) released a flash alert about the financially motivated cybercrime group FIN7, which has been targeting US companies over the past few months with packages containing malicious USB devices to deploy ransomware. Since August, the FBI has been receiving reports detailing how FIN7 has been impersonating Amazon and the US Department of Health & Human Services (HHS) by sending malicious packages containing letters about COVID-19 guidelines or counterfeit gift cards.
“There are two variations of packages—those imitating HHS [US Department of Health and Human Services] are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”
The alert also detailed that when a target plugs the USB drive into a computer, the drive executes a BadUSB attack, in which it registers itself as a keyboard instead of a USB drive and sends a series of preconfigured automated keystrokes to the target’s computer to download and install a range of malware and tools that allow the threat actors to gain access to the target’s network. A variety of tools have been observed in these attacks, including Metasploit, Cobalt Strike, PowerShell scripts, Carbanak, GRIFFON, DICELOADER, and TIRION, as well as ransomware, including strains of BlackMatter and REvil.
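The behaviour described above, a newly attached device that enumerates as a keyboard and immediately types commands, can be hunted for by correlating device-attach events with script-interpreter launches on the same host. The following is an added example, not taken from the FBI alert or the original article; the event schema, field names, interpreter list, time window and sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). Assumed normalized feed:
# "device_attach" = newly enumerated USB interface, "process_start" = process creation.
SAMPLE_EVENTS = [
    {"ts": "2021-01-10T09:00:00", "host": "ws-01", "type": "device_attach", "usb_class": "mass_storage"},
    {"ts": "2021-01-10T09:00:05", "host": "ws-01", "type": "process_start", "image": "explorer.exe"},
    {"ts": "2021-01-10T10:15:00", "host": "ws-02", "type": "device_attach", "usb_class": "hid_keyboard"},
    {"ts": "2021-01-10T10:15:03", "host": "ws-02", "type": "process_start", "image": "powershell.exe"},
    {"ts": "2021-01-10T11:00:00", "host": "ws-03", "type": "device_attach", "usb_class": "hid_keyboard"},
    {"ts": "2021-01-10T11:20:00", "host": "ws-03", "type": "process_start", "image": "powershell.exe"},
]

# Assumed list of interpreters worth flagging; tune to the environment.
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def find_badusb_candidates(events, window_seconds=30):
    """Return (host, attach_time, image) for every interpreter started within
    window_seconds after a keyboard-class USB device attached on that host."""
    window = timedelta(seconds=window_seconds)
    last_keyboard = {}  # host -> time of the most recent keyboard attach
    hits = []
    # ISO 8601 timestamps sort chronologically as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "device_attach" and ev.get("usb_class") == "hid_keyboard":
            last_keyboard[ev["host"]] = ts
        elif ev["type"] == "process_start" and ev.get("image", "").lower() in INTERPRETERS:
            attached = last_keyboard.get(ev["host"])
            if attached is not None and ts - attached <= window:
                hits.append((ev["host"], attached.isoformat(), ev["image"].lower()))
    return hits


if __name__ == "__main__":
    for host, attached, image in find_badusb_candidates(SAMPLE_EVENTS):
        print(f"{host}: {image} started shortly after keyboard attach at {attached}")
```

A legitimate keyboard swap followed by an administrator opening a shell will also match, so hits are leads for triage rather than verdicts.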