New TetrisPhantom hackers steal data from secure USB drives on govt systems (Security News, October 2023)
A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region.
Secure USB drives store files in an encrypted part of the device and are used to safely transfer data between systems, including those in an air-gapped environment.
"The attack comprises sophisticated tools and techniques, including virtualization-based software obfuscation for malware components, low-level communication with the USB drive using direct SCSI commands, self-replication through connected secure USB drives to propagate to other air-gapped systems and injection of code into a legitimate access management program on the USB drive which acts as a loader for the malware on a new machine." - Kaspersky.
AcroShell establishes communication with the attacker's command-and-control server and can fetch and run additional payloads to steal documents and sensitive files, as well as collect specific details about the USB drives used by the target.
"The XMKR module is deployed on a Windows machine and is responsible for compromising secure USB drives connected to the system to spread the attack to potentially air-gapped systems." - Kaspersky.
XMKR's capabilities on the infected device also include stealing files for espionage purposes; the stolen data is written to the connected USB drives.