"Nation-State Hackers Using Malicious USB Drives in Attacks in Africa, Asia and Oceania"

Hackers are using USB drives containing a strain of malware typically used by the Chinese government to target people in Mongolia, Papua New Guinea, Ghana, Zimbabwe, and Nigeria. Sophos researchers discovered the targeting of government organizations in Southeast Asia by USB drives containing the PlugX malware. This malware was developed in 2008 by Chinese government hackers known as Mustang Panda. The attack, which is described as "retro" due to its use of USB drives, was discovered thousands of miles away in Africa. The most recent cluster of USB worm activity is traversing three continents. Gabor Szappanos, threat research director at Sophos, stated that removable media is not normally considered 'mobile' when compared to Internet-based attacks, but this technique has proven to be effective in this part of the world. The malware and USB technique are designed partly to steal data from air-gapped networks. When delivered, the malware communicates with an IP address previously associated with Mustang Panda actors. The PlugX malware copies the contents of a victim's recycle bin and their device's hard drive. It collects files with the extensions .doc, .docx, .xls, .xlsx, .ppt, .pptx, and .pdf. The researchers explained that USB-based malware was significantly more prevalent a decade ago, when hackers could infiltrate a company by simply leaving thumb drives in parking lots. This article continues to discuss the use of malicious USB drives to spread PlugX malware in Africa, Asia, and Oceania.

The Record reports "Nation-State Hackers Using Malicious USB Drives in Attacks in Africa, Asia and Oceania"

Submitted by Anonymous on