Malware Attacks Through USB Drives Rise 3 Times In The First Half Of 2023, Indonesia Becomes A Victim

Liputan6.com, Jakarta – Malware attacks distributed via USB drives experienced a threefold increase in the first half of 2023.

A new report from cybersecurity firm Mandiant outlines how two USB-delivered malware attacks emerged. First, the attack named ‘Sogu’ is associated with the Chinese espionage group ‘TEMP.HEX.

Then secondly, as quoted from Bleeping ComputerFriday (14/7/2023), named ‘Snowydrive’ is associated with the hacker group UNC4698, which targets oil and gas companies in Asia.

Earlier, in November 2022, the cybersecurity firm highlighted a China-nexus attack that leveraged USB devices to infect entities in the Philippines with four different malware families.

Additionally, in January 2023, the Unit 42 team from Palo Alto Network discovered a variant of PlugX that can hide in USB drives and infect hosts Windows connected to it.

Sogo’s attack

Mandiant reports that Sogu is currently the most aggressive cyber espionage group utilizing USB, targeting multiple industries around the world and attempting to steal data from infected computers.

Victims of the Sogu malware are located in the United States, France, United Kingdom, Italy, Poland, Austria, Australia, Switzerland, China, Japan, Ukraine, Singapore, Indonesia and the Philippines.

Most of the victims came from the pharmaceutical, IT, energy, communications, health and logistics sectors.

The payload, called “Korplug,” loads C shell code (Sogu) into memory via DLL order hijacking, which requires the victim to execute a legitimate file.