Blackmail Trojans by mail: Notorious hacker group attacks in bizarre ways


To break into companies and government agencies, hackers use sophisticated tools and complex vulnerabilities. A particularly feared group went in through the front door, so to speak, and sent its malicious code by post.

While for years it was random victims who were supposed to pay a ransom of a few hundred euros, blackmail Trojans (ransomware) have long since grown into a billion-dollar business, and the hacker groups are increasingly targeting lucrative corporate and government victims. The US federal police, the FBI, is now warning of a particularly brazen attack scheme.

It sounds a bit like something from the last millennium: instead of arriving over the Internet in an e-mail, the attack came from the physical world this time, landing in a package on the desks of the targeted companies. But the USB sticks inside had plenty in store: they carried the "BadUSB" and "Bad Beetle USB" tools, which can take over a computer as soon as the stick is plugged in.

Danger from the mail department

According to the investigators, the packages arrived at various companies between August and November, including firms in the transport, insurance and defense sectors. The attackers used various disguises to tempt the recipients into inserting the sticks. The packages purportedly came from Amazon, and in some cases from the health authorities. Depending on the target, the recipients were supposed to find gift cards on the sticks or important data on new Covid guidelines.

The actual effect was of course different. Once plugged in, the sticks began sending commands to the computer and installing further malware, investigators said. To do this, they presented themselves to the system as a keyboard and typed console commands. Even a block on external storage devices was supposedly circumvented in this way. However, the FBI report did not say whether this actually succeeded in the current attacks or what the specific consequences were for the affected companies.
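A device that poses as a keyboard has to type its commands at machine speed, far faster than a person can. The following detector, an added example that is not part of the article or of any FBI material, flags bursts of keystrokes whose cadence is inhumanly regular and fast; the device names, timestamps and typed text are constructed sample input, and the thresholds are assumptions to be tuned per environment.

```python
"""Heuristic detector for keystroke-injection bursts from a device posing as a keyboard."""
from dataclasses import dataclass


@dataclass(frozen=True)
class KeyEvent:
    device: str   # identifier of the input device that produced the key (constructed)
    t_ms: float   # timestamp of the key press in milliseconds
    key: str      # character typed


def find_injection_bursts(events, max_gap_ms=30.0, min_keys=20):
    """Group key events per device into bursts separated by gaps larger than max_gap_ms.

    A burst of at least min_keys keys in which every inter-key gap is at most
    max_gap_ms is faster than sustained human typing and is reported together
    with the text it typed, so an analyst can see what the "keyboard" entered.
    """
    by_device = {}
    for ev in sorted(events, key=lambda e: (e.device, e.t_ms)):
        by_device.setdefault(ev.device, []).append(ev)

    flagged = []
    for device, evs in by_device.items():
        burst = [evs[0]]
        for prev, cur in zip(evs, evs[1:]):
            if cur.t_ms - prev.t_ms <= max_gap_ms:
                burst.append(cur)
                continue
            if len(burst) >= min_keys:
                flagged.append((device, "".join(e.key for e in burst)))
            burst = [cur]
        if len(burst) >= min_keys:
            flagged.append((device, "".join(e.key for e in burst)))
    return flagged


def _typed(device, text, start_ms, gap_ms):
    """Construct a sequence of key events typed at a constant cadence."""
    return [KeyEvent(device, start_ms + i * gap_ms, ch) for i, ch in enumerate(text)]


# Constructed sample: a person typing at ~140 ms per key, then a newly attached
# HID device typing a benign placeholder command at 8 ms per key.
SAMPLE_EVENTS = (
    _typed("usb-kbd-internal", "ls -la /tmp and then some", 0.0, 140.0)
    + _typed("usb-hid-new", "cmd /c echo CONSTRUCTED-SAMPLE", 5000.0, 8.0)
)


def scan_sample():
    """Run the detector over the constructed sample; only the fast device is flagged."""
    return find_injection_bursts(SAMPLE_EVENTS)
```

Cadence heuristics catch the typing behaviour the article describes but not a device that deliberately types slowly, so they complement rather than replace allow-listing of USB devices (for example with USBGuard).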

Notorious cyber gangsters

Given who is held responsible for the attack, the victims were probably in real danger. The FBI names the hacker group Fin7 as the main suspect. The group, which appears to be based in Eastern Europe, is notorious: it is credited with hundreds of attacks on businesses. Its attacks are consistently creative and at times highly complex, and not just technically: for some attacks, Fin7 is said to have founded and built up its own front companies. The attacks are tailored specifically to the target in question. They are referred to as "spear phishing" because these high-precision methods resemble the targeted throw of a harpoon rather than the old-style e-mail trawl. As early as 2018, a security company had examined and described the group's sometimes frighteningly clever approach.

That Fin7 still exists is quite remarkable. The group, which has been active since at least 2015, was considered disbanded after its alleged leaders were arrested in 2018. One of them was sentenced to ten years in prison last year. At the same time, however, the number of attacks attributed to the group has again risen sharply.