USB devices remain a go-to tool for cybercriminals spreading malware. The first half of 2023 saw a three-fold surge in malware attacks using USB sticks to steal secrets, according to security analysts at Mandiant. Details of two of these attack campaigns have been disclosed. The offensive campaign targeted public and commercial sector organisations in Europe, Asia, and the United States, and is blamed on the China-related cyberespionage group TEMP.Hex.
The SOGU malware was loaded onto USB flash devices and stole private information from the host. The malicious software on the flash drive used a DLL hijacking technique to download its final payload into the memory of infected devices.