USB key hacking returns to Russian spies

Moscow-linked hackers conducted a cyber-espionage operation against Ukraine through a maliciously inserted USB drive. The hack started in December 2021.

The old techniques of cyber espionage still work. Hackers from Moscow's intelligence services infiltrated a Ukrainian computer via a USB key to prepare for the invasion of the country as early as December. Their modus operandi was detailed by cyber researchers at Mandiant in a report published on January 5. The Kremlin hackers began their infiltration in December 2021 with a key either provided to a Ukrainian victim or inserted directly into a workstation by an intelligence member. The files it carried installed Andromeda, a botnet well known in the cyber community.

This network made it possible to infect hundreds of millions of computers and then deploy other malware on them. Made publicly available by criminal hackers and taken down by Europol in 2017, it was reused this time by members of Russian intelligence to attack Ukraine. In September 2022 they began using it to exfiltrate data through a backdoor in the system.

A group specializing in cyber espionage

This operation is attributed to Turla (also known as Snake or Uroburos), a group linked to the Russian government. Specialized in cyber espionage, the collective had hit more than 500 victims in 45 countries around the world by 2015; government agencies and military and diplomatic entities are the group's preferred targets. “The extensive profiling conducted since January may have allowed the group to select specific victims and tailor its exploitation efforts to gather and exfiltrate strategically important information to inform Russian priorities,” Mandiant researchers explain.

All the countries targeted by the hackers of Turla, a collective linked to Moscow. // Source: Kaspersky

When this operation was launched [in December 2021], Russian intelligence services called claims that Moscow was planning an invasion of Ukraine “absolutely false”.

USB drive attacks have become obsolete since cloud storage became the norm. Email services have also raised the maximum size of file transfers. However, USB keys are still used in sensitive sectors, where communication deliberately avoids going through the web. Mandiant also detected a similar hacking campaign by Chinese hackers in December 2022. In 2023, a hacker is more important than James Bond.
