Mandiant announced that cyber attacks using infected USB drives as an attack vector increased threefold in 2023. SOGU and SNOWYDRIVE, two campaigns currently employing this strategy, target public and private sector organizations worldwide.
Mandiant described SOGU as one of the most prevalent and aggressive USB-based cyber espionage campaigns. The activity is attributed to the China-based cluster TEMP.Hex, also known as Camaro Dragon, Earth Preta, and Mustang Panda. SOGU has already targeted organizations in the engineering, business, government, health, retail, and transportation sectors across the Northern Hemisphere. When the malicious USB drive is plugged into a computer, PlugX decrypts and launches the C-based backdoor SOGU, which exfiltrates screenshots, steals files of interest, and logs keystrokes. SNOWYDRIVE is used by the UNC4698 cluster to target oil and gas organizations in Asia. The malware is capable of issuing remote commands, carrying out file searches, and uploading and downloading files.
Read More:
https://thehackernews.com/2023/07/malicious-usb-drives-targetinging.html