A new, sophisticated attack known as ‘TetrisPhantom’ has been targeting government networks in the Asia-Pacific region by leveraging compromised secure USB devices. On these devices, access to the protected partition is provided by custom software that decrypts the contents using a user-supplied password. UTetris.exe is one such program; it is stored on an unencrypted portion of the USB device.
Secure USB drives store files in an encrypted section of the device and are used to reliably transfer data between systems, particularly those in an air-gapped environment. Security researchers identified trojanized versions of the UTetris application placed on secure USB sticks in an attack campaign that targets governments in the APAC region and has been active for at least a few years.