FBI Warns Of Russian Hackers Mailing USB Drives Infected With Malware, What To Look For

It is a good idea to always be wary of packages, especially if you are not expecting one. The United States Federal Bureau of Investigation (FBI) recently warned American companies that cybercriminals are sending USB drives with ransomware in the mail. The cybercriminals have attempted to mimic legitimate institutions and companies to convince the unwitting to plug the USB drives into their devices.

The USB drives were being sent to American companies in the "transportation, insurance, and defense industries" via the United States Postal Service (USPS) and United Parcel Service (UPS). There were two different kinds of packages. One package claimed to be from the United States Department of Health and Human Services (HHS) and featured COVID-19 guidelines. The other package was supposedly a "thank you" gift from Amazon that included a counterfeit gift card. Both packages contained the USB drives. The FBI has received reports about these suspicious packages from numerous companies since August 2021, including companies with contracts with the US Department of Defense.

The USB drives looked innocuous and were branded with the LilyGo logo. Once plugged into a device, they would execute a BadUSB attack and register themselves as a keyboard. According to BleepingComputer, the USB drive would "[inject] keystrokes to install malware payloads" onto the devices. The FBI has confirmed that the cybercriminals were able to gain administrative access to some devices. Concerned companies can view the alert, images of the fake Amazon and HHS letters, and an image of a sample USB drive by registering on the InfraGard portal.
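A defender-side check for the behavior described above, as an added example that is not from the FBI alert or the original article: it audits USB interface descriptors, as Linux exposes them in sysfs, and flags any device that presents a keyboard interface without being on an approved list. The vendor:product IDs and the allowlist are constructed for illustration, and only boot-protocol keyboard interfaces are matched.

```python
"""Flag USB devices that present a keyboard interface (added example)."""
from pathlib import Path

# USB-IF class codes: 03 = HID, subclass 01 = boot, protocol 01 = keyboard.
# Assumption: only boot-protocol keyboards are matched here.
HID_KEYBOARD = ("03", "01", "01")
MASS_STORAGE_CLASS = "08"
FIELDS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")


def read_sysfs_devices(root="/sys/bus/usb/devices"):
    """Collect the interface class triples of each attached device (Linux)."""
    devices = {}
    for intf in Path(root).glob("*:*"):      # interface dirs look like 1-2:1.0
        dev = Path(root) / intf.name.split(":")[0]
        try:
            triple = tuple((intf / f).read_text().strip().lower() for f in FIELDS)
            vidpid = ":".join((dev / f).read_text().strip()
                              for f in ("idVendor", "idProduct"))
        except OSError:                      # root hubs and vanished devices
            continue
        entry = devices.setdefault(dev.name, {"id": vidpid, "interfaces": []})
        entry["interfaces"].append(triple)
    return list(devices.values())


def audit(devices, approved_keyboards):
    """Return (id, reason) for keyboard interfaces on unapproved devices."""
    findings = []
    for dev in devices:
        if HID_KEYBOARD not in dev["interfaces"] or dev["id"] in approved_keyboards:
            continue
        classes = {t[0] for t in dev["interfaces"]}
        reason = ("storage device that also types"
                  if MASS_STORAGE_CLASS in classes else "unapproved keyboard")
        findings.append((dev["id"], reason))
    return findings


# Constructed sample inventory; every vendor:product ID below is made up.
SAMPLE = [
    {"id": "aaaa:0001", "interfaces": [("03", "01", "01")]},   # desk keyboard
    {"id": "bbbb:0002", "interfaces": [("08", "06", "50")]},   # plain flash drive
    {"id": "cccc:0003", "interfaces": [("03", "01", "01")]},   # "drive" that is a keyboard
    {"id": "dddd:0004", "interfaces": [("08", "06", "50"), ("03", "01", "01")]},
]

if __name__ == "__main__":
    print(audit(read_sysfs_devices() or SAMPLE, approved_keyboards={"aaaa:0001"}))
```

A plain flash drive exposes only a mass-storage interface, so any keyboard interface on something that arrived as a "USB drive" is the signal worth alerting on.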

The packages are reportedly being sent by FIN7, a group of cybercriminals based in Eastern Europe. FIN7 especially targets businesses in the United States. A high-level organizer from the group was sentenced to ten years in prison this past April. The organizer had been part of a plan to compromise millions of credit and debit cards, amounting to damages of more than $3 billion USD. The organizer had originally believed they were being hired by a legitimate company, but soon discovered it was all a front. The FBI claims that the organizer’s sentence is a victory, but the majority of FIN7 members continue to slip through the fingers of the FBI.