Posted:

9 ene 2022 19:44 GMT

Cybercriminals pass their packages on as shipments from Amazon or the US Department of Health and Human Services.

The US Federal Bureau of Investigation (FBI) warns against summoning a huge group of cybercriminals FIN7 Try to infiltrate American companies in the sectors of transportation, defense and insurance by shipping Malicious USB drives These organizations, hoping to infect their systems with “malware” and carry out attacks in the future.

“Since August 2021, the FBI has received reports of several packages containing these USB devices,” reads the alert issued by the FBI and reviewed by media specializing in cybersecurity. sleeping computer. “The parcel was sent by the United States Postal Service,” the statement said.

According to the FBI, criminals use two procedures to make shipments: by means of a package apparently sent by the US Department of Health and Human Services (“often accompanied by letters indicating that Advice about the COVID-19 virus Supplied with USB”); and by purported shipment from Amazon consisting of “a decorative gift box containing a Fraudulent thank you letterAnd a fake gift card and USB.”

In both cases, the packages contained branded USB devices. LilyGO, with “malware” downloaded and installed on computers to which USB devices are connected. This way, criminals gain administrative access, and they can then move on to other local systems.

This is The second time That the FBI warns of the malicious actions of FIN7, a group that, according to the US agency, operates from Eastern Europe. The first alert was issued in March 2020, after security firm Trustwave found a USB device that FIN7 had sent to one of its customers.