A hacker group impersonating Amazon and the US Department of Health and Human Services are sending out universal serial bus (USB) drives infected with ransomware, the US Fedreral Bureau (FBI) said.
The FBI said that cybercrime group FIN7 is mailing malicious flash drives to companies in an attempt to infect the target networks with malware. The parcels sent via mail sometimes contained Covid-19 letter guidelines, and other times counterfeit gift cards, or thank you notes. Paired with these are flash drives with the LilyGO logo on them.
The human interface device (HID) attacks only work when the target willingly connects the flash drive to the target device, and can be avoided by having employees only connect USB devices based on their hardware ID or those that have been approved for use by the IT security team.