The FBI is warning organizations in the U.S. about a new social-engineering attack from the infamous cybercriminal group FIN7. The group reportedly targeted the U.S. defense sector with a package of malicious USB flash drives to deploy ransomware and launch BadUSB attacks. According to a report, the FIN7 group sent several packs of USB devices, using the U.S. Postal Service and U.S. Parcel Service, to organizations in the transportation, insurance, and defense sectors.
The attackers sent the malicious USB drives in two kinds of packages: one imitating the U.S. Department of Health and Human Services (HHS) and referencing COVID-19 guidelines, the other mimicking a gift box from Amazon containing a fake gift card and a USB drive. The hackers used LilyGO-branded USB devices in this campaign.
Hackers Executing BadUSB Attack
The FBI claims that the malicious USB drives are designed to launch a BadUSB attack on the targeted devices. In BadUSB attacks, threat actors leverage USB devices programmed with malicious software.
Once a victim plugs one of the USB drives into a system, the USB device registers itself as a keyboard and sends a series of preconfigured automated keystrokes to the victim's computer. The keystrokes then run PowerShell commands that automatically install the final malware payload, which acts as the backdoor for the attacker's campaign. The FBI stated that the group illicitly obtained administrative privilege access and moved laterally to compromise local systems in the targeted network.
The agency also stated that FIN7 actors leveraged a variety of malware and ransomware variants, including Metasploit, PowerShell scripts, Carbanak, GRIFFON, Cobalt Strike, DICELOADER, TIRION, BlackMatter, and REvil.
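The sequence described in this section, a newly attached keyboard followed seconds later by a PowerShell launch on the same host, can be hunted for in endpoint telemetry. The following is an added example, not code from the FBI advisory or the original article; the event schema, field names, host names and sample events are constructed assumptions.

```python
from datetime import datetime, timedelta

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe"}
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed, pre-normalized events (not real log output); field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2022-01-10T09:00:00", "host": "ws-01", "kind": "device_arrival", "device_class": "Keyboard"},
    {"ts": "2022-01-10T09:00:02", "host": "ws-01", "kind": "process_start",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"ts": "2022-01-10T09:00:04", "host": "ws-01", "kind": "process_start", "image": PS_PATH},
    # Storage device, not a keyboard: the PowerShell start that follows is not correlated.
    {"ts": "2022-01-10T09:05:00", "host": "ws-02", "kind": "device_arrival", "device_class": "DiskDrive"},
    {"ts": "2022-01-10T09:05:03", "host": "ws-02", "kind": "process_start", "image": PS_PATH},
    # Keyboard attached hours before PowerShell runs: outside the correlation window.
    {"ts": "2022-01-10T08:00:00", "host": "ws-03", "kind": "device_arrival", "device_class": "Keyboard"},
    {"ts": "2022-01-10T10:30:00", "host": "ws-03", "kind": "process_start", "image": PS_PATH},
]

def find_keyboard_then_powershell(events, window_seconds=30):
    """Flag PowerShell starts within window_seconds of a new keyboard on the same host."""
    window = timedelta(seconds=window_seconds)
    last_keyboard = {}  # host -> time of the most recent keyboard arrival
    alerts = []
    # ISO 8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "device_arrival" and ev.get("device_class") == "Keyboard":
            last_keyboard[ev["host"]] = ts
        elif ev["kind"] == "process_start":
            # Compare on the file name only, so any install path matches.
            image = ev.get("image", "").replace("\\", "/").rsplit("/", 1)[-1].lower()
            seen = last_keyboard.get(ev["host"])
            if image in POWERSHELL_IMAGES and seen is not None and ts - seen <= window:
                alerts.append({
                    "host": ev["host"],
                    "device_ts": seen.isoformat(),
                    "process_ts": ts.isoformat(),
                    "delay_seconds": (ts - seen).total_seconds(),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_keyboard_then_powershell(SAMPLE_EVENTS):
        print(alert)
```

A legitimate new keyboard or docking station will also match, so treat a hit as a triage signal to review alongside the PowerShell command line rather than as a verdict.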
FIN7 Hackers on the Rise
Since 2015, FIN7 attackers have engaged in various malware campaigns that targeted more than 100 U.S. companies. The group recently targeted companies under the guise of a cybersecurity services firm, Bastion Secure. The group reportedly recruited IT specialists to conduct pen testing and carry out ransomware attacks through this phony company. Researchers from the Gemini Advisory group posed as IT professionals and applied for the role of IT executives. They were asked to analyze tools and network files. The company appears legitimate as it has closely replicated other service companies in its recruitment process.