Kaspersky researchers have discovered a new attack campaign called ‘TetrisPhantom’, which repeatedly compromises a type of encrypted USB (secure USB) used to provide secure encryption for data storage. data storage.
This espionage activity is targeting government organizations in the Asia-Pacific (APAC) region. These findings are detailed in Kaspersky’s latest report on the APT (Advanced Persistent Threat) threat landscape for the third quarter of 2023
Global Research and Analysis Team (GReAT) Specifically, Kaspersky discovered a long-lasting espionage campaign carried out by a previously undetected attacker. Attackers secretly monitored and collected sensitive data from APAC government organizations by exploiting encrypted USBs, protected by hardware encryption to ensure secure data storage and transmission between computer systems. These USB drives are used by government organizations around the world, which increases the likelihood that more organizations will fall victim to these attacks in the future
This campaign uses various malicious modules through which the attacker can gain full control over the victim’s device. This allows them to execute commands, collect files and information from compromised machines, and infect other machines using the same or a different type of encrypted USB drive. Additionally, APT is adept at deploying other malicious files on the infected system.
“Our research shows that the attack uses highly sophisticated tools and techniques, including virtualization-based software encryption, low-level communication with the USB drive using direct SCSI commands, and self-copying via connected encrypted USBs. These activities were carried out by a highly skilled and resourceful threat actor with a deep interest in espionage activities within networks. sensitive and protected government networks,” shared Noushin Shabab, senior security researcher at Kaspersky’s Global Research and Analysis Team (GReAT).
To prevent the risk of becoming a victim of a targeted attack, Kaspersky researchers advise taking the following measures:
- Regularly update your operating system, applications, and antivirus software to stay protected from potential vulnerabilities and security risks.
- Be cautious with emails, texts, or calls requesting sensitive information. Verify the identity of the person requesting the information before sharing personal data or clicking on suspicious links.
- Grant access to the latest threat intelligence to the Security Operations Center (SOC). Kaspersky Threat Intelligence Portal is Kaspersky’s single access point providing threat intelligence and cyber attack data.
