© 2023 CyberNews - Latest tech news, product reviews, and analyses.


Cyber espionage group leverages USBs to deliver malware


A China-nexus threat actor, well known for targeting public and private sector organizations in Southeast Asia, the US, and Europe, is using USB devices to breach systems.

Mandiant, which tracks the malicious activity as UNC4191, says the USB-based attack focuses on the Philippines.

The intrusion begins when a user plugs a compromised USB device into a machine. Following the initial infection, threat actors leverage legitimately signed binaries to side-load malware, such as Mistcloak, Darkdew, and Bluehaze.

“Successful compromise led to the deployment of a renamed NCAT binary and execution of a reverse shell on the victim’s system, providing backdoor access to the threat actor. The malware self-replicates by infecting new removable drives that are plugged into a compromised system, allowing the malicious payloads to propagate to additional systems and potentially collect data from air-gapped systems,” Mandiant said.
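As an added example that is not part of the Cybernews article or Mandiant's report, the following Python runs two defender-side checks for the behaviours described above over constructed Sysmon-style events: a process whose PE OriginalFileName is ncat.exe but which runs under a different file name, and an unsigned DLL loaded from the same directory as its host executable (the side-loading shape). Field names follow Sysmon Event IDs 1 and 7; the paths and values are made up for illustration.

```python
import ntpath

# Constructed Sysmon-style events (made-up paths, not real telemetry).
# id 1 = process creation (Image, OriginalFileName)
# id 7 = image load (Image, ImageLoaded, Signed)
EVENTS = [
    {"id": 1, "Image": r"C:\Users\u\AppData\Roaming\svchost.exe",
     "OriginalFileName": "Ncat.exe"},
    {"id": 1, "Image": r"C:\Windows\System32\svchost.exe",
     "OriginalFileName": "svchost.exe"},
    {"id": 7, "Image": r"E:\Docs\Viewer.exe",
     "ImageLoaded": r"E:\Docs\version.dll", "Signed": "false"},
    {"id": 7, "Image": r"C:\Windows\System32\notepad.exe",
     "ImageLoaded": r"C:\Windows\System32\version.dll", "Signed": "true"},
]

SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def renamed_binaries(events, watch=("ncat.exe",)):
    """Return Image paths whose on-disk name differs from the PE's
    OriginalFileName, limited to the names in `watch` (e.g. a renamed NCAT)."""
    hits = []
    for e in events:
        if e.get("id") != 1:
            continue
        original = e.get("OriginalFileName", "").lower()
        on_disk = ntpath.basename(e["Image"]).lower()
        if original in watch and original != on_disk:
            hits.append(e["Image"])
    return hits


def sideload_candidates(events):
    """Return (process, dll) pairs where an unsigned DLL was loaded from the
    same directory as the executable, outside the Windows system directories.
    A production rule would also require the host process to be signed, which
    needs enrichment beyond the Event ID 7 fields used here (assumption)."""
    hits = []
    for e in events:
        if e.get("id") != 7 or e.get("Signed", "").lower() != "false":
            continue
        exe_dir = ntpath.dirname(e["Image"]).lower()
        dll_dir = ntpath.dirname(e["ImageLoaded"]).lower()
        if exe_dir == dll_dir and not exe_dir.startswith(SYSTEM_DIRS):
            hits.append((e["Image"], e["ImageLoaded"]))
    return hits


if __name__ == "__main__":
    print("renamed binaries:", renamed_binaries(EVENTS))
    print("side-load candidates:", sideload_candidates(EVENTS))
```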

Mandiant assesses that UNC4191 is a China-nexus threat actor. The campaign has been active since at least September 2021.

“We believe this activity showcases Chinese operations to gain and maintain access to public and private entities for the purposes of intelligence collection related to China’s political and commercial interests,” Mandiant said.

Cybersecurity experts have long warned about the risks of USB devices. Inexpensive and portable thumb drives are popular for storing and transporting files, which also makes them appealing to attackers.

“Attackers can use USB drives to infect other computers with malware that can detect when the USB drive is plugged into a computer. The malware then downloads malicious code onto the drive. When the USB drive is plugged into another computer, the malware infects that computer,” CISA said.

Threat actors can also infect USB drives during production, meaning the malware is already on the drive when a user plugs the brand-new stick into their computer.

To keep your devices safe, do not plug an unknown USB drive into a computer, use passwords and encryption on your USB drive, and keep personal and business USB drives separate.
