The Federal Bureau of Investigation (FBI) has warned about an Eastern European cybercriminal gang that made hacking attempts against U.S. firms that operate within the transportation, defense and insurance sectors.
The warning included details concerning the cybercriminal use of tactics involving the mailing of malicious USB drives that would serve as avenues for brazen data breaches and potential ransomware attacks.
While the FBI did not provide specific names to the companies, it turns out that the organizations received a number of phony letters sent through the U.S. Postal Service and UPS from August to the second last month of the year 2021.
Reportedly, the fake letters impersonated notable U.S. institutions such as the Department of Health and Human Services, Amazon and several other legitimate establishments operating across the United States.
In some instances instance, U.S. law enforcement noted that instead of genuine Amazon gift cards or authentic advisories about the COVID-19 public health problem, letters would arrive holding a USB stick with a loaded malicious software.
If inserted into a company computer, the USB stick was meant to give authorized hacker access to the target organization’s computer systems that would result in a full-scale ransomware attack by the threat actors.
So far, it’s not clear whether the hackers managed to successfully breach any of the companies that the FBI was referring to, although the latest FBI advisory adds to the wealth of evidence showing just how devastating and aggressive cybercriminal groups have become over the last few years.
FIN7 Has Been Blamed
As the cybersecurity publication Bleeping Computer, the recent FBI advisory has named FIN7 as the cybercriminal group behind the latest scheme to leverage USB sticks to gain illicit access to firms and institutions in the United States.
FIN7 has been blamed in the recent past for billions of dollars in losses to customers and firms operating on U.S. soil and beyond. The Eastern European cybercriminal group has been involved in the cyber theft of millions of credit card numbers belonging to restaurant and hospitality chains across 47 states in the U.S.
The prolific nature of the cybercriminal group is pegged on the fact that they have evolved significantly over the last few years to adopt a series of out-of-the-box methods to target victims and avoid the long arm of the law.