Cybersecurity researchers from Kaspersky have uncovered a sophisticated new piece of malware called TetrisPhantom seen compromising secure USB drives to steal sensitive information from government endpoints in the Asia-Pacific region.
Secure USB drives have an encrypted partition whose files can only be accessed with a password, and through specialized software, like the one called UTetris. This method is generally used to safely transfer data between systems, including air-gapped endpoints, BleepingComputer reports.
Now, the trojanized version of UTetris, called TetrisPhantom, has been discovered, with the researchers speculating it’s been operating unabated for at least a few years now.
Stealing data
“The attack comprises sophisticated tools and techniques, including virtualization-based software obfuscation for malware components, low-level communication with the USB drive using direct SCSI commands, self-replication through connected secure USB drives to propagate to other air-gapped systems and injection of code into a legitimate access management program on the USB drive which acts as a loader for the malware on a new machine,” Kaspersky said in its technical writeup.
The researchers explain that TetrisPhantom is capable of deploying additional payloads, some of which have information-stealing and file-stealing capabilities. The goal of the campaign, it seems, is to obtain vital data from governments in the APAC region. We don’t know which governments were targeted specifically, nor was it hinted which nation-state (if any), was behind this attack. The only thing that they managed to conclude is that this was a highly targeted operation, suggesting that not many computers, from not many governments, were found infected.
Nation-state threat actors are often engaged in cyber-espionage campaigns, seeking sensitive information about their adversaries’ foreign politics, spheres of influence, mid- and long-term goals.
In fact, cyberattacks against government agencies are spiking, recent research from Surfshark shows. The company analyzed 924 significant cyber-incidents that took place between 2006, and Q1 2023 (including the first three months of this year). The analysis has shown that in that time, at least 722 cyberattacks were targeting government agencies.
However, before 2020, every year, government agencies would report 29 cyberattacks on average. After that, the number rose to a yearly average of 96. Almost half of the 924 significant incidents that were analyzed, happened in the last three years.
Via BleepingComputer
More from TechRadar Pro
Services Marketplace – Listings, Bookings & Reviews