The FBI has warned of a FIN7 cybercrime campaign in which attackers mail USB thumb drives to US organizations with the goal of delivering ransomware into their environments.
In an alert sent late last week, the FBI said it has received reports of several packages containing malicious USB devices that were sent to US companies in the transportation, insurance, and defense industries. The activity has been ongoing since August 2021, the FBI said, and packages were sent via the United States Postal Service and United Parcel Service.
There are two versions of packages sent: One is disguised to appear as though it's from the US Department of Health and Human Services; these parcels often contain messages about COVID-19 guidelines in addition to the USB. The second type is designed to imitate Amazon; these come in a decorated gift box with a thank-you message, fake gift card, and the malicious USB.
According to the FBI, recipients who plug these USB drives into their devices would become the victims of a "BadUSB" attack in which the USB would register itself as a keyboard and send preconfigured keystrokes and commands to the machine. These would run PowerShell commands that installed malware and became a backdoor for future access.
FIN7 has reportedly used several tools — including Metasploit, Cobalt Strike, Carbanak, and PowerShell scripts — to deploy ransomware, such as BlackMatter and REvil, on target networks, reported The Record, citing the FBI alert.
Read more details here.