FBI Warns FIN7 Campaign Delivers Ransomware via BadUSB
An FBI warning says the FIN7 cybercrime group has sent packages containing malicious USB drives to US companies in an effort to spread ransomware.
The FBI has warned of a FIN7 cybercrime campaign in which attackers mail USB thumb drives to US organizations with the goal of delivering ransomware into their environments.
In an alert sent late last week, the FBI said it has received reports of several packages containing malicious USB devices that were sent to US companies in the transportation, insurance, and defense industries. The activity has been ongoing since August 2021, the FBI said, and packages were sent via the United States Postal Service and United Parcel Service.
There are two versions of packages sent: One is disguised to appear as though it's from the US Department of Health and Human Services; these parcels often contain messages about COVID-19 guidelines in addition to the USB. The second type is designed to imitate Amazon; these come in a decorated gift box with a thank-you message, fake gift card, and the malicious USB.
According to the FBI, recipients who plug these USB drives into their devices become victims of a "BadUSB" attack, in which the USB drive registers itself as a keyboard and sends preconfigured keystrokes and commands to the machine. These keystrokes run PowerShell commands that install malware, which acts as a backdoor for future access.
FIN7 has used several tools (including Metasploit, Cobalt Strike, Carbanak, and PowerShell scripts) to deploy ransomware, such as BlackMatter and REvil, on target networks, The Record reported, citing the FBI alert.
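A defender-side illustration of the BadUSB behaviour described above, added here and not taken from the FBI alert or the original article: it flags a PowerShell start that follows a newly attached USB keyboard on the same host within a short window. The event schema, field names, device labels, 30-second window, and sample events are constructed assumptions, not a real log format.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=30)           # assumed correlation window; tune per environment
SHELLS = {"powershell.exe", "pwsh.exe"}  # process images treated as PowerShell

# Constructed sample events in a hypothetical normalized schema.
EVENTS = [
    {"ts": "2022-01-10T09:00:00", "host": "ws-01", "kind": "usb_attach",
     "dev_class": "hid_keyboard", "dev": "constructed-kbd-A"},
    {"ts": "2022-01-10T09:00:04", "host": "ws-01", "kind": "process_start",
     "image": "PowerShell.exe"},
    # Mass-storage device, not a keyboard: must not match.
    {"ts": "2022-01-10T09:05:00", "host": "ws-02", "kind": "usb_attach",
     "dev_class": "mass_storage", "dev": "constructed-disk-B"},
    {"ts": "2022-01-10T09:05:03", "host": "ws-02", "kind": "process_start",
     "image": "powershell.exe"},
    # Keyboard attached, but PowerShell starts 12 minutes later: outside the window.
    {"ts": "2022-01-10T10:00:00", "host": "ws-03", "kind": "usb_attach",
     "dev_class": "hid_keyboard", "dev": "constructed-kbd-C"},
    {"ts": "2022-01-10T10:12:00", "host": "ws-03", "kind": "process_start",
     "image": "powershell.exe"},
    # PowerShell with no preceding USB keyboard at all.
    {"ts": "2022-01-10T11:00:00", "host": "ws-04", "kind": "process_start",
     "image": "pwsh.exe"},
]

def find_badusb_candidates(events, window=WINDOW):
    """Return (host, device, image, delay_seconds) for each PowerShell start
    that follows a new USB keyboard on the same host within `window`."""
    last_kbd = {}  # host -> (attach time, device label)
    hits = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["ts"])):
        t = datetime.fromisoformat(ev["ts"])
        if ev["kind"] == "usb_attach" and ev.get("dev_class") == "hid_keyboard":
            last_kbd[ev["host"]] = (t, ev["dev"])
        elif ev["kind"] == "process_start" and ev["image"].lower() in SHELLS:
            seen = last_kbd.get(ev["host"])
            if seen and t - seen[0] <= window:
                delay = int((t - seen[0]).total_seconds())
                hits.append((ev["host"], seen[1], ev["image"], delay))
    return hits

if __name__ == "__main__":
    for hit in find_badusb_candidates(EVENTS):
        print("review:", hit)
```

A hit is a lead for triage rather than proof of compromise, since docking stations and replacement keyboards also produce keyboard-attach events.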