FBI - Hackers Mailing Malicious USB Sticks to Businesses
Reading Time: 2 minutes

The Federal Bureau of Investigation (FBI) has alerted all US businesses of hackers mailing malicious USB sticks to them via the US postal services and deceiving them into installing malware on their machines. 

According to the FBI, the bad actors are sending USB sticks enclosed in a package to victims who plug them into a computer. Leading to a BadUSB attack, as the USB device registers itself as a keyboard and executes a number of pre-configured keystrokes on the victim’s machine.

This leads to PowerShell commands being executed and download and installation of numerous malware strains which can be used as backdoors to the victim’s network to carry out future network attacks. The hackers managed to install a number of vulnerability-scanning and pentest tools such as Metasploit and Cobalt Strike, as well as BlackMatter and REvil ransomware, among others.

The FBI has managed to uncover a number of cases where attackers have been able to gain access to machines and then move laterally across the victim’s network.

According to The Record, the FBI said, “Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries. The packages were sent using the United States Postal Service and United Parcel Service.”

Further, the report mentioned, “There are two variations of packages – those imitating HHS are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”

The FIN7 hacking group has been identified behind the waves of attacks across the US since August 2021. It is the same group behind DarkSide and BlackMatter ransomware campaigns. 

The FBI in a statement said the hackers were using United States Postal Service (USPS) and United Parcel Service (UPS) to deliver the LilyGO-branded USB sticks pre-loaded with malware. These came from seemingly reputable organizations such as Amazon and the US Department of Health and Human Services (HHS).

Related Articles:
PUBG Mobile- Game Hackers to Pay US$10million in Damages to Tencent and Krafton
Hackers Target Real Estate Websites with Skimmers
Don’t Store your Password in Chrome As Hackers can target Remote Workers