The FBI now believes that the Russian hacking group FIN7, which is behind the Darkside and BlackMatter ransomware operations, is responsible for the operation.
According to the US agency, the group's packages were sent via the United States Postal Service or United Parcel Service and were made to look as though they came from official companies.
They added that the hackers usually pretended to be from the US Department of Health & Human Services or from Amazon as a means to trick their ransomware targets.
The FBI issued a warning to businesses that it had confirmed these packages to be dangerous and fake.
Their statement was: “Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries,”
“The packages were sent using the United States Postal Service and United Parcel Service.
“There are two variations of packages—those imitating HHS are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”
The FBI also confirmed that all packages contained LilyGO USBs which, if plugged into a device, could execute a ‘BadUSB’ attack and infect the computer with dangerous malware.
The Record added that, in most cases investigated by the US agency, the group would obtain administrative access and then “move laterally to other local systems.”
According to the FBI, hackers were targeting US hospitals as well as the postal service with spamware-infested USBs, which looked like they were from legitimate companies.
The latest warning comes after similar Russian malware infiltrated a huge number of companies across the US last July.
The breach, which is the largest ransomware attack on record, reportedly hit the IT systems of up to one million companies across the globe over a 24-hour period, by targeting the systems of US-based software firm Kaseya.
Two days later, the Russian hacking group REvil demanded a $70 million Bitcoin payment for a decryption key.
This story originally appeared on The Sun and was reproduced here with permission