Cybersecurity researchers at Kaspersky have discovered a sophisticated new piece of malware called TetrisPhantom, which has compromised secure USB drives to steal sensitive information from government endpoints in the Asia-Pacific region.
Secure USB drives have an encrypted partition whose files can only be accessed with a password and through specialized software, such as that from UTetris. This method is generally used to securely transfer data between systems, including endpoints with air gaps, BleepingComputer reports.
Now a trojanized version of UTetris, dubbed TetrisPhantom, has been discovered, and the researchers believe it has been operating undetected for at least a few years.
Steal data
“The attack involves advanced tools and techniques including virtualization-based software obfuscation for malware components, low-level communication with the USB drive using direct SCSI commands, self-replication via attached secure USB drives to spread to other air-gapped systems and injection of code into a legitimate access control program on the USB stick, which acts as a loader for the malware on a new machine,” Kaspersky said in its technical write-up.
The researchers explain that TetrisPhantom is capable of deploying additional payloads, some of which can steal information and files. The aim of the campaign appears to be obtaining vital data from governments in the APAC region. It is not known which governments were specifically targeted, and no nation-state (if any) has been named as being behind the attack. The researchers could only conclude that this was a highly targeted operation, with only a small number of infected computers found across a small number of governments.
National threat actors often engage in cyber espionage campaigns, seeking sensitive information about their adversaries’ foreign policies, spheres of influence, and medium- and long-term objectives.
The number of cyber attacks against government agencies is also increasing, according to recent research by Surfshark. The company analyzed 924 significant cyber incidents that occurred between 2006 and the first quarter of 2023 (that is, including the first three months of this year). The analysis found that at least 722 cyber attacks targeted government agencies during that period.
Before 2020, government agencies reported an average of 29 cyber attacks each year. From 2020 onward, the annual average rose to 96. Nearly half of the 924 significant incidents analyzed occurred in the past three years.
Via BleepingComputer