Home Security Malicious USB Drives Targetinging World Targets with SOGU and SNOWYDRIVE Malware

Malicious USB Drives Targetinging World Targets with SOGU and SNOWYDRIVE Malware

by crpt os


Jul 17, 2023THNEndpoint Security / Cyber Attack

Cyber attacks using infected USB infection drives as an initial access vector have witnessed a three-fold increase in the first half of 2023,

That’s according to new findings from Mandiant, which detailed two such campaigns – SOGU and SNOWYDRIVE – targeting both public and private sector entities across the world.

SOGU is the “most prevalent USB-based cyber espionage attack using USB flash drives and one of the most aggressive cyber espionage campaigns targeting both public and private sector organizations globally across industry verticals,” the Google-owned threat intelligence firm said.

The activity has been attributed to a China-based cluster called TEMP.Hex, which is also tracked under the names Camaro Dragon, Earth Preta, and Mustang Panda. Targets include construction and engineering, business services, government, health, transportation, and retail in Europe, Asia, and the U.S.

The infection chain detailed by Mandiant exhibits tactical commonalities with another Mustang Panda campaign uncovered by Check Point, which took the wraps off a strain of self-propagating malware called WispRider that spreads through compromised USB drives and potentially breach air-gapped systems.

It all starts with a malicious USB flash drive plugged into a computer, leading to the execution of PlugX (aka Korplug), which then decrypts and launches a C-based backdoor called SOGU that exfiltrates files of interest, keystrokes, and screenshots.

SNOWYDRIVE Targets Oil and Gas Organizations in Asia

The second cluster to leverage the USB infiltration mechanism is UNC4698, which has singled out oil and gas organizations in Asia to deliver the SNOWYDRIVE malware to execute arbitrary payloads on the hacked systems.

UPCOMING WEBINAR

Shield Against Insider Threats: Master SaaS Security Posture Management

Worried about insider threats? We’ve got you covered! Join this webinar to explore practical strategies and the secrets of proactive security with SaaS Security Posture Management.

Join Today

“Once SNOWYDRIVE is loaded, it creates a backdoor on the host system, giving attackers the ability to remotely issue system commands,” Mandiant researchers Rommel Joven and Ng Choon Kiat said. “It also spreads to other USB flash drives and propagates throughout the network.”

In these attacks, the victim is lured into clicking on a booby-trapped file that masquerades as a legitimate executable, thereby activating a chain of malicious actions, starting with a dropper that establishes a foothold, followed by executing the SNOWYDRIVE implant.

Some of the functionalities of the backdoor consist of carrying out file and directory searches, uploading and downloading files, and launching a reverse shell.

“Organizations should prioritize implementing restrictions on access to external devices such as USB drives,” the researchers said. “If this is not possible, they should at least scan these devices for malicious files or code before connecting them to their internal networks.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex