Technology

Hacker Group FIN7 Give Away USB Sticks To Target US Defense Industry

There are companies that protect their systems from external attacks well – that’s why hackers in the USA have now started another wave of attacks. You send USB sticks with ransomware and wait for corporate employees to fail to recognize the deceit. The Federal Bureau of Investigation (FBI) warns US companies about the unusual attacks with blackmail software.

The FBI has discovered that the hacking group FIN7 is currently targeting the US defense industry by giving away compromised USB devices that can install ransomware. The attackers sent packages with “BadUSB” or “Bad Beetle USB” devices with the LilyGO logo, which are offered for sale on the Internet. The USB sticks are then sent via the United States Postal Service (USPS) and United Parcel Service (UPS). From the summer of 2021, such parcels have been sent to all companies, and later to specifically to defense companies.

Different tricks, one target

FIN7 pretends that the packages come from Amazon and the US Department of Health & Human Services (HHS) in order to entice the recipients to unpack them and connect the USB drives to their systems. The packages also reportedly include instructions about COVID-19 guidelines, fake gift cards, and fake thank you notes, depending on who they are for.

The human factor is used to act as a weak point and give ransomware access to internal networks. The aim of the attacks is to access victims’ networks and install ransomware (including BlackMatter and REvil) using various tools such as Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts.

Years of Success

These attacks follow another series of incidents warned by the FBI two years ago when FIN7 operators posed as Best Buy and USPS sent similar packages of malicious flash drives to hotels, restaurants, and retail stores. However, nothing is known about attacks in Europe.