In government settings, USB drives equipped with adequate protection and encryption systems are widely used to protect sensitive data. Apparently, however, some hackers are managing to attack these media, causing considerable damage to the governments involved.
This series of attacks saw government agencies in Southeast Asia as the main victims. Given the nature of these targets, the number of operations was small, but the damage was considerable. The attacks are believed to have been conducted by very experienced and well-resourced hackers interested in conducting espionage operations inside secure, private government networks.
According to a Kaspersky report for the third quarter of 2023, this long-running campaign includes several malicious modules that can execute commands, collect data from infected workstations and transfer it to additional machines using the same or other USB drives that are considered secure.
USB drives considered safe turn out to be at risk: government entities in the crosshairs
The attack uses sophisticated tools and methods, such as virtualization-based software obfuscation, self-replication via connected secure USB drives in order to spread to other air-gapped systems, and injection of code into a legitimate access management program on the USB drive, which then serves as a loader for the malware on a new computer.
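The injection into a legitimate management program that lives on the drive itself is the part a defender can check for directly: the vendor's utility on a secure USB drive should never change between uses. The following is an added example, not code from the article or from Kaspersky, of a file-integrity baseline for the contents of such a drive. The drive layout, the program name `SecureAccess.exe` and the file contents are constructed placeholders; the `demo()` function simulates a tampered utility and an unexpected new file to show what the check reports.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large utilities do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under the drive root (relative POSIX path) to its SHA-256."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def verify_manifest(root: Path, baseline: dict) -> dict:
    """Compare the drive's current contents against a trusted baseline manifest.

    Returns sorted lists of files whose hash changed (the injected-loader case),
    files that disappeared, and files that were not in the baseline at all.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo() -> dict:
    """Constructed scenario: baseline a clean drive, then tamper with it and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        app = root / "SecureAccess.exe"          # hypothetical vendor utility name
        app.write_bytes(b"MZ" + b"\x00" * 64)    # constructed placeholder, not a real binary
        (root / "README.txt").write_text("vendor notes")  # constructed

        baseline = build_manifest(root)          # taken while the drive is known-good

        # Simulate the tampering described above: the legitimate utility is
        # altered in place, and an extra file appears on the drive.
        with app.open("ab") as f:
            f.write(b"CONSTRUCTED-MODIFICATION")
        (root / "helper.dll").write_bytes(b"MZ")  # constructed, not in the baseline

        return verify_manifest(root, baseline)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline manifest would be recorded when the drive is provisioned and stored off the drive (otherwise an attacker who can modify the utility can also modify the manifest), and the check would run on the host before the drive's management program is allowed to execute.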
Although this collective has been implicated in other regions (such as South America) in the past, experts have identified the BlindEagle hackers as possible perpetrators. In fact, in previous campaigns this group has demonstrated a similar modus operandi, engaging both in espionage and in outright theft of financial data.
In the past this group has used remote access Trojans (RATs) of various types (such as AsyncRAT, Lime-RAT and BitRAT) in its operations. Operating through USB drives, however, would be new, as BlindEagle has previously worked primarily through spear-phishing e-mails.
Cyber espionage continues to be one of the top priorities of APT campaigns, and the current geopolitical context offers fertile ground for them.