A notorious cybercrime gang, involved in a series of high-profile ransomware attacks, has in recent months been sending out poisoned USB devices to US organisations.

As The Record reports, the FBI has warned that FIN7 – the well-organised cybercrime group believed to be behind the Darkside and BlackMatter ransomware operations – has been mailing out malicious USB sticks in the hope that workers will plug them into their computers.

According to the FBI, anyone who plugs the USB drives into their devices runs the risk of becoming a victim of a “BadUSB” attack.

A BadUSB device uses the USB stick’s microcontroller to impersonate a keyboard, and sends malicious commands to any computer to which it is attached. It’s effectively the equivalent of allowing a malicious hacker to walk into your building, sit at an unlocked computer, and start typing.

On this occasion, the automated keystrokes run PowerShell commands that download and install malware onto the computers, and allow malicious hackers to gain unauthorised remote access. Attackers could then use a variety of tools to deploy ransomware inside an organisation.
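Because the device registers as a keyboard and then "types" PowerShell, one detection angle is to correlate a new keyboard appearing on a host with a PowerShell process starting seconds later. The sketch below is an added example, not part of the FBI alert or the original article; the normalised event schema, host names and device IDs are constructed assumptions.

```python
from datetime import datetime, timedelta

SHELLS = {"powershell.exe", "pwsh.exe"}

# Constructed sample events in a hypothetical normalised schema:
# (ISO timestamp, host, event kind, detail). Device IDs are placeholders.
EVENTS = [
    ("2022-01-10T09:14:02", "WS-041", "hid_keyboard_added", "USB\\VID_0000&PID_0000"),
    ("2022-01-10T09:14:03", "WS-041", "process_start", "winword.exe"),
    ("2022-01-10T09:14:05", "WS-041", "process_start", "powershell.exe"),
    # Mass-storage device, not a keyboard: must not alert.
    ("2022-01-10T10:00:00", "WS-017", "usb_storage_added", "USB\\VID_1111&PID_1111"),
    ("2022-01-10T10:00:04", "WS-017", "process_start", "powershell.exe"),
    # Keyboard docked long before the shell was opened: outside the window.
    ("2022-01-10T11:00:00", "WS-022", "hid_keyboard_added", "USB\\VID_2222&PID_2222"),
    ("2022-01-10T11:20:00", "WS-022", "process_start", "PowerShell.exe"),
]

def find_keystroke_injection(events, window_seconds=30):
    """Flag PowerShell launches that follow a new keyboard on the same host."""
    window = timedelta(seconds=window_seconds)
    last_keyboard = {}  # host -> (arrival time, device id)
    alerts = []
    # ISO-8601 timestamps sort chronologically as plain strings.
    for ts, host, kind, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "hid_keyboard_added":
            last_keyboard[host] = (when, detail)
        elif kind == "process_start" and detail.lower() in SHELLS:
            seen = last_keyboard.get(host)
            if seen and when - seen[0] <= window:
                alerts.append({
                    "host": host,
                    "device": seen[1],
                    "process": detail,
                    "delay_seconds": int((when - seen[0]).total_seconds()),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_keystroke_injection(EVENTS):
        print(alert)
```

A short window keeps false positives low, since a person rarely plugs in a keyboard and opens PowerShell within a few seconds; tune it against your own docking-station and KVM activity.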

A security alert issued by the FBI warns that the dangerous USB sticks, which are branded LilyGO, have been mailed out via the United States Postal Service and UPS to businesses working in the transportation, insurance, and defence industries.

The packages are said to often be accompanied by letters which refer to COVID-19 guidelines, or pretend to be a gift sent via Amazon, arriving in “a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”

The FBI warns that it has received reports of the packages being received by targeted organisations since August 2021, and as recently as November a US company working in the defence sector received a malicious USB stick accompanied