Abu Dhabi: Jasour – News Desk
Kaspersky found that a secure USB drive was compromised with malicious code injected into its access management software. This drive was developed by a government entity in Southeast Asia to securely store and transfer files between machines in sensitive environments.
The malicious code injected into it was designed to steal confidential files saved on the secure partition of the drive, while also acting as a USB worm and spreading the infection to USB drives of the same type. While this tactic was similar to the compromise of drives that used the UTetris USB management software last year, attributed by Kaspersky to TetrisPhantom, the malicious code implanted on the drive in the latest incident was new. An analysis of the Trojanized USB management software used in this attack, as well as other trends in tools used by cybercriminal groups in attacks around the world, is provided in the latest Kaspersky Q3 APT report.
MuddyWater is an APT actor that surfaced in 2017 and has traditionally targeted countries in the Middle East, Europe, and the USA. Recently Kaspersky uncovered VBS/DLL-based implants used in intrusions by the MuddyWater APT group, which are still active today. The implants were found at multiple government and telecom entities in Egypt, Kazakhstan, Kuwait, Morocco, Oman, Syria and the UAE.
Tropic Trooper (aka KeyBoy and Pirate Panda) is an APT group that has been operating since 2011. The group’s targets have traditionally included government entities, as well as the healthcare, transportation and high-tech industries located in Taiwan, the Philippines, and Hong Kong. Kaspersky’s most recent analysis revealed that in 2024, the group conducted attacks against a government entity in Egypt. An attack component was detected that was presumably used by Chinese-speaking actors.
