WIRED just published an article that made me both disappointed and surprised at the same time. Security researchers found USB-based Sogu espionage malware spreading within African operations of European and US firms.
Yup, you read that right: USB-based malware.
Here is a quick summary with a link to the full article at WIRED. The upshot? You still need to train your global workforce on the risks of them good 'ol USB sticks...
The cybersecurity firm Mandiant has uncovered a resurgence in USB-based malware attacks led by a China-linked hacker group called UNC53. This group has successfully hacked at least 29 global organizations since last year by social engineering employees into using malware-infected USB drives.
Many of these attacks have originated from the African operations of multinational companies in countries like Egypt, Zimbabwe, and Kenya. The malware used is a decade-old strain known as Sogu, which has been involved in significant cyber-espionage activities in the past.
The campaign is especially effective in regions where USB drives are still commonly used, like Africa. Mandiant found that the malware often spreads from shared computers in places like internet cafés, affecting various sectors including consulting, banking, and government agencies. The malware uses clever tactics to infect machines, even those without internet connections, and communicates with a command-and-control server to steal data.
Mandiant researchers note that this indiscriminate method allows the hackers to cast a wide net, sorting through victims for high-value targets later. The campaign highlights the need for organizations to remain vigilant against all forms of cyber threats, even those considered outdated. This is particularly important for global networks that include operations in developing countries, where older technologies like USB drives are still in use. Train your workforce!
Full article at WIRED: https://www.wired.com/story/china-usb-sogu-malware/