Malware attacks facilitated by USB drives have grown threefold during the first six months of 2023, with the Sogu and Snowydrive campaigns by Chinese cyberespionage threat operation TEMP.HEX and UNC4698, respectively, being the most notable, reports BleepingComputer.
The more aggressive of the two was the Sogu malware campaign, which has impacted organizations in the U.S., China, the U.K., and other parts of the world, most of them in the pharmaceutical, IT, and energy sectors, according to a Mandiant report.
Attacks by TEMP.HEX have involved the Korplug payload, which loads Sogu into memory; Sogu then scans for files containing valuable data, executes commands and files, captures screenshots, and performs keylogging.
Meanwhile, oil and gas entities in Asia have been targeted by the Snowydrive campaign, which involved the distribution of a backdoor that enabled arbitrary payload execution via the Windows command prompt.
Once targets have been lured into launching an executable on a USB drive, the Snowydrive malware components, each with a distinct role in the attack chain, are extracted and executed.
Change Healthcare attack linked to state-backed threat actors

Major U.S. healthcare revenue and payment cycle management provider Change Healthcare was targeted by suspected state-sponsored threat actors in a cyberattack on Feb. 20, its parent firm UnitedHealth Group said, TechCrunch reports.