A group of cybercriminals in Eastern Europe have tried to break into American companies in the transportation, security and insurance sectors by sending malicious USB devices to these organizations. The FBI warned U.S. businesses this week with advice reaching CNN.
The anonymous companies received a series of fake letters through the U.S. Postal Service and UPS from August to November that impersonated the Department of Health and Personnel Services in some cases, and Amazon in other cases, according to the FBI.
But instead of a real Amazon gift card, or certified instruction about the corona plague, the letters came with a USB device containing malware. If inserted into a computer, the USB could give the hacking group access to an organization’s networks to deploy ransomware. It is not clear if one of the companies was injured in the incidents.
Some publications attributed the attack to the FIN7 group. However, not everyone agrees on the issue. “The American cyber security company Mandiant, which also analyzed some of the malicious code sent via USB, said it had ‘low confidence’ that the activity could be” attributed to a player identified with FIN7 “. Neither could CNN independently attribute the activity described by the FBI to FIN7.
The FBI, which regularly sends such alerts about cyber threats to U.S. businesses, did not respond to a request for comment.
Benzi Ben-Atar, CMO and co-founder of sepio systems, commented on the case: “Social engineering techniques can exploit human greed for free gifts. Greed often outweighs the instincts that were supposed to warn us.
“In an attempt to take advantage of human greed, Validity offered the hosting company a $ 50 gift card for Best Buy that can be accessed via a USB drive. In this case, the recipient suspected and demonstrated good instincts or good training in cyber security – or both and prevented the attack from taking place. “