Hackers from the FIN7 group are sending malicious USB sticks to companies. The sticks contain ransomware packaged in seemingly innocent files.

According to The Record, the FBI (U.S. intelligence agency) recently warned companies about so-called BadUSB attacks. Since August 2021, several companies have reportedly received anonymous USB sticks through the mail. These USB sticks appear to contain innocent information. In one instance, COVID-19 protocols from the U.S. Department of Health were used as a disguise. In reality, the USB sticks push malware installations upon connection.

FIN7 group

The USB sticks are being sent by members of the so-called FIN7 group. This group is held responsible for the Darkside ransomware attack, BlackMatter attack and various other incidents. The hackers mainly target American companies in the transport, insurance and defence sectors.

USB sticks with malware

The malicious USB sticks were branded by LILYGO and manipulated to simulate a keyboard. This keyboard executes programmed keystrokes to command the installation of malware before an OS is booted. BlackMatter and REvil were two of the malware families found by authorities. The malware enables the exploitation of PCs and the spread of malicious tools. These tools include Metasploit, Cobalt Strike, Carbanak, GRIFFON, DICELOADER and TIRION.