Malware, Threat Intelligence

Asia-Pacific govt. subjected to attacks by novel TetrisPhantom APT

Governments across the Asia-Pacific region had their systems compromised over the last few years by the new TetrisPhantom advanced persistent threat operation, in attacks leveraging secure USB drives infected with a trojanized UTetris app, reports BleepingComputer. TetrisPhantom began its intrusions by executing the AcroShell payload on targeted machines, which then enabled the deployment of information-stealing malware; the exfiltrated data was later used to develop the XMKR malware and the trojanized UTetris app, a Kaspersky report revealed. The XMKR module compromises all secure USB devices connected to infected Windows systems and also seeks to reach air-gapped systems, while exfiltrating stolen data to the attacker's server. "The attack comprises sophisticated tools and techniques, including virtualization-based software obfuscation for malware components, low-level communication with the USB drive using direct SCSI commands, self-replication through connected secure USB drives to propagate to other air-gapped systems and injection of code into a legitimate access management program on the USB drive which acts as a loader for the malware on a new machine," said Kaspersky.
