{"id":6124,"date":"2022-01-07T09:52:51","date_gmt":"2022-01-07T00:52:51","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6124"},"modified":"2022-02-03T09:55:54","modified_gmt":"2022-02-03T00:55:54","slug":"fbi-release-flash-alert-against-fin7s-use-of-badusb-devices-to-deploy-ransomware","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/fbi-release-flash-alert-against-fin7s-use-of-badusb-devices-to-deploy-ransomware\/","title":{"rendered":"FBI releases flash alert against FIN7\u2019s use of BadUSB devices to deploy ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6124\" class=\"elementor elementor-6124\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-919ec16 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"919ec16\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0ef564e\" data-id=\"0ef564e\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6362f5f elementor-widget elementor-widget-text-editor\" data-id=\"6362f5f\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>Recently, the US Federal Bureau of Investigation (FBI) released a flash alert about the financially motivated cybercrime group FIN7, which has been targeting US companies over the past few months with packages containing malicious USB devices to deploy ransomware. 
Since August, the FBI has been receiving reports detailing how FIN7 has been impersonating Amazon and the US Department of Health &amp; Human Services (HHS) by sending malicious packages containing letters about COVID-19 guidelines or counterfeit gift cards.<\/p><p>\u201cThere are two variations of packages\u2014those imitating HHS [US Department of Health and Human Services] are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.\u201d<\/p><p>The alert also detailed that when a target plugs the USB drive into a computer, the drive executes a BadUSB attack, in which it registers itself as a keyboard instead of a USB drive and sends a series of preconfigured automated keystrokes to the target\u2019s computer to download and install a range of malware and tools that allow the threat actors to gain access to the target\u2019s network. A variety of tools has been observed in these attacks, including Metasploit, Cobalt Strike, PowerShell scripts, Carbanak, GRIFFON, DICELOADER, and TIRION, as well as ransomware, including strains of\u00a0BlackMatter\u00a0and\u00a0REvil.<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Recently, the US Federal Bureau of Investigation (FBI) released a flash alert about the financially motivated cybercrime group FIN7, which has been targeting US companies over the past few months with packages containing malicious USB devices to deploy ransomware. 
Since August, FBI has been getting reports that have detailed how FIN7 has been impersonating Amazon and the US Department<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6129,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,10,12,2,1],"tags":[],"class_list":["post-6124","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/02\/Picture1-20.jpg?fit=1379%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6124"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6124"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6124\/revisions"}],"predecessor-version":[{"id":6132,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6124\/revisions\/6132"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6129"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6124"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6124"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6124"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}