Friday, July 3, 03:14

USBCulprit malware: targets devices that are not connected to a network

Did you think that devices with no connection to a local or any other network (air-gapped devices) are safe? Think again! The recently unveiled USBCulprit malware is used by a group known as Cycldek, Conimes or Goblin Panda and is designed to compromise air-gapped devices via USB.

Cycldek is a Chinese APT group that has targeted Southeast Asian countries for a long time to steal government information and state secrets.

The APT group has shown interest in "major organizations and government institutions in Vietnam," Kaspersky's new report on the USBCulprit malware says.

For example, in 2013, the security company CrowdStrike reported that the group had hacked the "defense, energy and government sectors" in disputed territories in Southeast Asia. At the time, the group used exploits for CVE-2012-0158 to spread malware through malicious Microsoft Word documents.

In the years following that incident, the group continued to expand its arsenal, using RTF documents with political content to deliver remote access Trojans (RATs).

What Kaspersky revealed this week is a purpose-built, stealthy tool called "USBCulprit", which has advanced capabilities, particularly when used on a system that is not connected to a local or any other network.

It enters the system through RTF documents or other, as yet unknown, media, performs an extensive scan of the victim's system and begins collecting documents.

"This tool, which we've seen downloaded from RedCore implants on several occasions, is able to scan various paths on victims' devices, to collect documents with specific extensions and transfer them to USB drives when they are connected to the system. It can also make a selective copy to a removable drive in the presence of a specific file, which suggests that it could spread laterally, having infected certain drives," Kaspersky explains.

RedCore and BlueCore are the names Kaspersky uses for the two different variants of malware developed by the group.

Kaspersky's report shows a complete diagram of how the RedCore and BlueCore variants are activated and share information as a well-coordinated "complex".

Both of these variants have been attributed to the Cycldek group.

"Furthermore, given both the differences and the similarities, we can conclude that the activities we saw are linked to a group we call Cycldek. In several cases, we have identified unique tools created by the team that were obtained from the servers of both groups... Overall, this suggests that the entities operating behind all this share many resources - both code and infrastructure - and operate under a single organizational umbrella."

Teo Ehc