APAC Governments Targeted by Cyber Espionage via Secure USBs

A cyber espionage campaign known as TetrisPhantom has been targeting government entities in the Asia-Pacific (APAC) region. The campaign exploits a specific type of secure USB drive that government organizations worldwide use to store and transfer data securely. Kaspersky, a Russian cybersecurity firm, discovered the campaign in early 2023. Because the same type of secure USB drive is used by governments around the world, the attacks could expand beyond APAC in the future.

The identity of the threat actor or group behind the TetrisPhantom campaign has not been determined. However, the sophistication of the attacks suggests the involvement of a nation-state actor. The attacks were highly targeted and focused on espionage within sensitive government networks. The campaign uses several malicious modules to execute commands and collect data from compromised machines. It can also spread the infection to other machines through the same or different secure USB drives: the attackers inject code into a legitimate access management program stored on the USB drive, so that running the program loads the malware onto each new machine.
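The propagation step described above relies on a trusted executable on the drive being silently altered. One defensive control is to keep an out-of-band integrity manifest of the files on a removable drive and compare against it before anything on the drive is executed. The following Python script is an added example written for this article, not code from Kaspersky or from the article itself; the file names (`AccessManager.exe`, `update.dll`) and the sample contents are constructed placeholders, not artifacts from the TetrisPhantom campaign.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large drives do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (drive-relative, '/'-separated) to its SHA-256."""
    manifest = {}
    for entry in sorted(root.rglob("*")):
        if entry.is_file():
            rel = str(entry.relative_to(root)).replace(os.sep, "/")
            manifest[rel] = sha256_file(entry)
    return manifest


def check_manifest(root: Path, baseline: dict) -> dict:
    """Diff the drive's current state against a baseline captured earlier.

    The baseline must be stored off the drive (e.g. on the host that issued it);
    a manifest kept on the drive could be rewritten along with the launcher.
    """
    current = build_manifest(root)
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "missing": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Constructed scenario: a launcher is tampered with and a new file appears."""
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        # Constructed drive contents: a hypothetical access-management launcher and a doc.
        (drive / "AccessManager.exe").write_bytes(b"ORIGINAL LAUNCHER BYTES")
        (drive / "docs").mkdir()
        (drive / "docs" / "readme.txt").write_bytes(b"usage notes")
        baseline = build_manifest(drive)

        # Simulate the tampering the article describes: launcher altered, payload dropped.
        (drive / "AccessManager.exe").write_bytes(b"ORIGINAL LAUNCHER BYTES + INJECTED CODE")
        (drive / "update.dll").write_bytes(b"constructed payload bytes")

        return check_manifest(drive, baseline)


if __name__ == "__main__":
    result = demo()
    for kind, files in result.items():
        print(f"{kind}: {files}")
```

Run against a mounted drive, `build_manifest` is taken once when the drive is issued and the result is kept on the issuing host; `check_manifest` then flags any executable whose hash no longer matches, any file that appeared since issuance, and any file that has gone missing, which is exactly the signal a tampered launcher produces. Hashes alone do not tell you what changed, so a non-empty `modified` or `added` list is a reason to quarantine the drive and examine the files, not a verdict by itself.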

In addition to the TetrisPhantom campaign, another series of attacks has targeted government entities, military contractors, universities, and hospitals in Russia. These attacks, known as BadRory, use spear-phishing emails carrying booby-trapped Microsoft Office documents. They have come in two waves, one in October 2022 and the other in April 2023. The attacks install a new Trojan on the victim's machine, designed to exfiltrate files and execute arbitrary commands.
