Oct 20 2023

Hackers Using Secure USB Drives To Attack Government Entities

Category: Cyber Attack,Hacking,Information Securitydisc7 @ 9:36 am

An ongoing attack on government agencies in the APAC region has been claimed to have compromised a secure USB device with hardware encryption.

The nation’s government agencies utilize these safe USB devices to transfer and save data between computer systems.

The attacks had a very small number of victims and were highly targeted. The attacks are believed to have been conducted by a highly experienced and resourceful threat actor interested in conducting espionage operations in secure and private government networks.

Cyber Espionage Via Secure USBs

According to the Kaspersky APT trends report for Q3 2023, this long-running campaign comprises several malicious modules that may execute commands, gather data from infected workstations, and transfer it to further machines using the same or different secure USB drives. 

On the infected computers, the attacks can also carry out additional harmful files.

The attack uses sophisticated tools and methods, such as virtualization-based software obfuscation for malware components, self-replication through connected secure USB drives to spread to other air-gapped systems, and code injection into a legitimate access management program on the USB drive that serves as a loader for the malware on a new machine.

BlindEagle, a financially motivated threat group, has targeted both people and governmental organizations in South America. Although espionage is the threat actor’s main objective, it has demonstrated interest in obtaining financial data.

BlindEagle is characterized by its capacity to cycle through different open-source remote access Trojans (RATs), including AsyncRAT, Lime-RAT, and BitRAT, and utilize them as the ultimate payload to accomplish its goals.

The gang sends spear-phishing emails with Microsoft Office documents attached to its victims. This starts a multi-level infection strategy that results in installing a new Trojan that is primarily made to steal data from the victim’s computer and take over by executing arbitrary commands.

APT campaigns are still widely spread geographically. Attackers have targeted Europe, South America, the Middle East, and other regions of Asia this quarter.

Government, military, defense, gaming, software, entertainment, utilities, banking, and manufacturing are just a few of the industries being attacked.

Cyber espionage continues to be a top priority of APT campaigns, and geopolitics continues to be a major factor in APT development.

“It is therefore very important to build a deep understanding of the TTPs of this threat actor and to watch out for future attacks,” reads the report.

https://gbhackers.com/hackers-using-secure-usb-attack-government-entities/

Kingston Ironkey Locker+ 50 16GB Encrypted USB Flash Drive | USB 3.2 Gen 1 | XTS-AES Protection | Multi-Password Security Options | Automatic Cloud Backup

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: encrypted usb drive, USB Drives To Attack


Mar 06 2017

Secure usb flash drive – password protected and Encrypted

Category: data securityDISC @ 2:01 pm

Encrypted Flash Drives

Top Rated
Kingston Digital 8GB Data Traveler AES Encrypted




Tags: encrypted usb drive, password protected usb, protected flash drive, USB flash drive