In an era of rapidly advancing technology, it’s fascinating to see that some old-school tactics remain effective. A recent cyberespionage operation, suspected to be linked to the Moscow-based “Turla Group” hackers, showcases how USB key hacking has made a comeback, playing a significant role in preparing for a potential invasion of Ukraine. This article delves into the details of this operation, the group behind it, and the continued relevance of USB key attacks.
The Resurgence of USB Key Hacking
Mandiant cybersecurity researchers published a detailed account of how Moscow-linked hackers infiltrated a Ukrainian computer using a malicious USB key in December 2021. The operation allowed the hackers to introduce Andromeda, a botnet well known in the cybersecurity community, and infect hundreds of millions of computers for further malware deployment. This once publicly available botnet, dismantled by Europol in 2017, has been repurposed by Russian intelligence members to target Ukraine.
Turla: A Sophisticated State-Sponsored Threat Actor
Turla, also known as Snake or Uroburos, is the APT group to which this operation is attributed. Tied to the Russian government, Turla specializes in cyberespionage and has targeted over 500 victims in 45 countries, including government agencies, military entities, and diplomats. The in-depth profiling conducted since January may have allowed the group to identify specific victims and tailor its efforts to collect and exfiltrate strategically valuable information.
The Relevance of USB Key Attacks
With the rise of cloud storage and increased file transfer limits in messaging services, USB key attacks have become somewhat obsolete. However, USB keys still have their uses in sensitive sectors where web-based communication is avoided. Mandiant also detected a similar hacking campaign, conducted by Chinese hackers in December 2022.
The resurgence of USB key hacking as a cyberespionage tool demonstrates that older techniques still have a place in the modern world of cybersecurity. As threat actors continue to evolve and adapt, it’s crucial for organizations and governments to remain vigilant against all forms of cyberattacks, old and new alike.