FBI FLASH: FIN7 Cyber Actors Target US Businesses Through USB Keystroke Injection Attacks

The FBI has published a TLP:GREEN FLASH warning that FIN7 cyber actors are targeting U.S. businesses through USB keystroke injection attacks. The FLASH indicates that since November 2021, the cyber criminal group FIN7 has been observed targeting the US defense industry with a package containing a fraudulent thank you letter, counterfeit Amazon gift card, and a USB device. The USB device is a commercially available product known as a “BadUSB” or “Bad Beetle USB.” According to the FBI, “When plugged into a computer system, the USB device automatically injects a series of keystrokes to download and execute a malware payload. FIN7 seeks to deploy ransomware within a compromised network using a variety of tools.” The FLASH includes further technical details regarding this activity and lists recommended mitigations. It also encourages partners to report suspicious or criminal activity to their local FBI field office or the FBI’s 24/7 CyberWatch (CyWatch) at (855)292-3937 or Cy*****@*bi.gov.