The FBI now believes that FIN7, the Russian hackers behind the DarkSide and BlackMatter ransomware operations, were responsible for this operation.
According to the US agency, the group's packages are shipped through the United States Postal Service or the United Parcel Service and are made to look as though they come from authorized companies.
It adds that the hackers often pose as the US Department of Health and Human Services or Amazon when approaching their ransomware targets.
The FBI has warned businesses that these packages are fake and dangerous.
Their statement read: “Since August 2021, the FBI has received reports of several packages containing these USB devices sent to US businesses in the transportation, insurance and defense industries.
“The packages were sent using the United States Postal Service and United Parcel Service.
“There are two types of packages – those imitating HHS are often accompanied by letters referring to the COVID-19 guidelines, enclosed with a USB; and those imitating Amazon came in a fancy gift box containing a fraudulent thank you card, fake gift card and a USB.”
The FBI has confirmed that all packages include LilyGO-branded USBs, which, if plugged into a device, can trigger ‘BadUSB’ attacks and infect it with dangerous malware.
In most cases investigated by the US agency, the group gains administrative access and then “moves laterally to other local systems,” it added.
The latest warning comes after similar Russian malware infiltrated a large number of companies across the US last July.
The breach, the largest ransomware attack on record, is reported to have targeted the systems of US-based software company Kaseya and hit one million companies’ IT systems around the world in a 24-hour period.
Two days later, Russian hackers from REvil demanded payment of $70 million in Bitcoin for the decryption key.
This story originally appeared on The Sun and is reproduced here with permission.