{"id":4182,"date":"2022-01-08T22:28:57","date_gmt":"2022-01-08T16:58:57","guid":{"rendered":"https:\/\/xiarch.com\/blog\/?p=4182"},"modified":"2022-01-08T22:28:59","modified_gmt":"2022-01-08T16:58:59","slug":"why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware","status":"publish","type":"post","link":"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/","title":{"rendered":"Why do attackers utilize BadUSB to target Defense organizations with Ransomware?"},"content":{"rendered":"\n<p><p style=\"text-align: justify;\">The FBI (Federal Bureau of Investigation) warned US firms in a recently updated flash alert that the financially motivated FIN7 cybercrime gang targeted the US defense industry with packages containing malicious USB devices in order to deploy ransomware. The threat actor mailed packages containing \u2018BadUSB\u2019 or \u2018Bad Beetle USB\u2019 devices with the LilyGo logo, which are commonly available for sale on the Internet.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">They have used the United States Postal Service (USPS) and United Parcel Service (UPS) to mail the malicious packages to businesses in the transportation and insurance industries since August 2021 and to defense firms starting in November 2021.<\/p><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How does BlackMatter or REvil ransomware expand on the Seized Networks?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">FIN7 operators impersonated Amazon and the US Department of Health &amp; Human Services (HHS) to trick the targets into opening the packages and connecting the USB drives to their systems.
Since August, reports collected by the FBI state that these malicious packages also include letters about COVID-19 guidelines or fictitious gift cards and forged thank-you notes, depending on the impersonated entity.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">After the targets plug the USB drive into their computers, it automatically registers as a Human Interface Device (HID) keyboard, which allows it to operate even when removable storage devices are disabled.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">It then starts injecting keystrokes to install the malware payloads on the compromised systems. FIN7\u2019s end goal in some attacks is to gain access to the victim\u2019s networks and deploy ransomware (including BlackMatter and REvil) within a compromised network using various tools, including Metasploit, Cobalt Strike, Carbanak malware, the Griffon backdoor, and PowerShell scripts.<\/p><\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" loading=\"lazy\" src=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/Why-Attacker-utilize-BadUSB-to-target-Defense-Organization-with-Ransomware-iamge1-1.png\" alt=\"Why-Attacker-utilize-BadUSB-to-target-Defense-Organization-with-Ransomware-iamge1\" class=\"wp-image-4185\" width=\"508\" height=\"354\" srcset=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/Why-Attacker-utilize-BadUSB-to-target-Defense-Organization-with-Ransomware-iamge1-1.png 800w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/Why-Attacker-utilize-BadUSB-to-target-Defense-Organization-with-Ransomware-iamge1-1-300x209.png 300w, https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/Why-Attacker-utilize-BadUSB-to-target-Defense-Organization-with-Ransomware-iamge1-1-768x535.png 768w\" sizes=\"(max-width: 508px) 100vw, 508px\" \/><\/figure><\/div>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How is Malware pushed using teddy
bears?<\/strong><\/h2>\n\n\n\n<p><p style=\"text-align: justify;\">These attacks follow another series of incidents the FBI warned about two years ago, when FIN7 operators impersonated Best Buy and mailed similar packages with malicious flash drives via USPS to hotels, restaurants, and retail businesses.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Reports of such attacks started surfacing back in February 2020. Some of the targets also reported that the hackers emailed or called to pressure them into connecting the drives to their systems. Beginning with at least May 2020, malicious packages sent by FIN7 also included items such as teddy bears designed to trick the targets into lowering their guard.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Attacks like those attempted by FIN7 are known as HID or USB drive-by attacks, and they can only succeed if the victims are willing to plug, or are tricked into plugging, unknown USB devices into their workstations.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Organizations can defend against such attacks by allowing their employees to connect only USB devices that are permitted based on their hardware ID or that have been vetted by their security team.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI (Federal Bureau of Investigation) warned US firms in a recently updated flash alert that the financially motivated FIN7 cybercrime gang targeted the US defense industry with packages containing malicious USB devices in order to deploy ransomware.
The threat actor mailed the packages which contain s \u2018BadUSB\u2019 or can say \u2018Bad Beetle [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":4186,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.11 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Why do attackers utilize BadUSB to target Defense organizations with Ransomware? - Xiarch Solutions Private Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why do attackers utilize BadUSB to target Defense organizations with Ransomware? - Xiarch Solutions Private Limited\" \/>\n<meta property=\"og:description\" content=\"The FBI (Federal Bureau of Investigation) alerted US firms in a currently updated flash warned that the financially motivated FIN7 cyber attacker\u2019s gang targeted the US defense industry with the packages containing malicious USB devices to set up the ransomware. 
The threat actor mailed the packages which contain s \u2018BadUSB\u2019 or can say \u2018Bad Beetle [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\" \/>\n<meta property=\"og:site_name\" content=\"Xiarch Solutions Private Limited\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/xiarch\/\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-08T16:58:57+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-08T16:58:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2022\/01\/Why-Attacker-utilize-BadUSB-to-target-Defense-Organization-with-Ransomware-featured-image.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"525\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Xiarch Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@xiarch\" \/>\n<meta name=\"twitter:site\" content=\"@xiarch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Xiarch Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\"},\"author\":{\"name\":\"Xiarch Security\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\"},\"headline\":\"Why do attackers utilize BadUSB to target Defense organizations with Ransomware?\",\"datePublished\":\"2022-01-08T16:58:57+00:00\",\"dateModified\":\"2022-01-08T16:58:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\"},\"wordCount\":439,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"articleSection\":[\"Vulnerabilities\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\",\"url\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\",\"name\":\"Why do attackers utilize BadUSB to target Defense organizations with Ransomware? 
- Xiarch Solutions Private Limited\",\"isPartOf\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#website\"},\"datePublished\":\"2022-01-08T16:58:57+00:00\",\"dateModified\":\"2022-01-08T16:58:59+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/xiarch.com\/blog\/why-do-attackers-utilize-badusb-to-target-defense-organizations-with-ransomware\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/xiarch.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Why do attackers utilize BadUSB to target Defense organizations with Ransomware?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/xiarch.com\/blog\/#website\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"name\":\"Xiarch Solutions Private Limited\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/xiarch.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required 
name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/xiarch.com\/blog\/#organization\",\"name\":\"Xiarch\",\"url\":\"https:\/\/xiarch.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"contentUrl\":\"https:\/\/xiarch.com\/blog\/wp-content\/uploads\/2021\/06\/xi-logo-002.png\",\"width\":300,\"height\":300,\"caption\":\"Xiarch\"},\"image\":{\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/xiarch\/\",\"https:\/\/twitter.com\/xiarch\",\"https:\/\/www.linkedin.com\/company\/xiarch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/655d814a04eacce56942270cfdc5c59c\",\"name\":\"Xiarch Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/xiarch.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d33699ed91b76568586dc1ae278ea568?s=96&d=mm&r=g\",\"caption\":\"Xiarch Security\"},\"sameAs\":[\"https:\/\/xiarch.com\/blog\/\"],\"url\":\"https:\/\/xiarch.com\/blog\/author\/vector\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->"}