The FBI now believe that Russian hackers FIN7, who are behind the Darkside and BlackMatter ransomware operations, are responsible for the operation.
According to the US agency, the group’s packages were being sent via the United States Postal Service or United Parcel Service and appeared as official companies.
They added that the hackers usually pretended to be from the US Department of Health & Human Services or from Amazon as a means to trick their ransomware targets.
The FBI have since issued a warning to businesses that these packages were certified as fake and dangerous.
Their statement read: “Since August 2021, the FBI has received reports of several packages containing these USB devices, sent to US businesses in the transportation, insurance, and defense industries,”
“The packages were sent using the United States Postal Service and United Parcel Service.
“There are two variations of packages—those imitating HHS are often accompanied by letters referencing COVID-19 guidelines enclosed with a USB; and those imitating Amazon arrived in a decorative gift box containing a fraudulent thank you letter, counterfeit gift card, and a USB.”
The FBI also confirmed that all packages contained LilyGO-branded USBs which, if plugged into device, could execute a ‘BadUSB’ attack and infect it with the dangerous malware software.
The Record added that, in most cases investigated by the US agency, the group would obtain administrative access and then “move laterally to other local systems.”
The latest warning comes after similar Russian malware infiltrated a huge number of companies across the US last July.
The breach, which is the largest ransomware attack on record, reportedly hit the IT systems of up to one million companies across the globe over a 24-hour period, by targeting the systems of US-based software firm Kaseya.
Two days later, Russian hackers REvil demanded a $70 million payment in Bitcoin for a decryption key.
This story originally appeared on The Sun and was reproduced here with permission