Several years after its discovery, the cyberespionage campaign led by the Chinese hacker group Mustang Panda continues to worry the entire world. The hackers' modus operandi was well-established: distributing corrupted USB keys, camouflaged as free goodies, with an apparently harmless appearance. At the time, our colleagues from Clubic were interested in the matter, which is more sensitive than it seems. Two years later, at the Cybersecurity Conference, the media drew up a worrying assessment of the affair: not only is the operation still active, but it has now spread to maritime cargo ships and reached Europe.
Free USB sticks as bait
The corrupted keys were likely distributed under the cover of a fake company, setting up fictitious stands at maritime trade shows. This infiltration made it possible to gain the trust of potential victims without anyone becoming suspicious. But the tactic is not limited to B2B events: the hackers also got into the habit of leaving USB keys in restaurants, parking lots and hotels, amplifying the spread and the risk of infection. A formidable, and visibly effective, mode of operation: cargo ships are often disconnected from the Internet. By the time they connect to the satellite network, the malware has had plenty of time to act offline before being spotted.
Especially since it quickly becomes complicated to determine when the infected keys were actually used. Distributed massively, some could have been used months after reaching the pockets of their victims, which scrambles the reconstruction of attack chains and prolongs the persistence of infections. Two years after the affair, attacks are still taking place, despite detection and blocking efforts.
Some reflexes to adopt
When it comes to cybersecurity, vigilance is not enough. You also need to adopt good reflexes. A USB key, behind its innocuous appearance, can be a formidable Trojan horse for your data. Make it a rule never to plug in a USB key whose origin you do not know. Whether they come from small independent groups or more established political entities, the most formidable attacks are often the simplest.
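On a machine that is offline most of the time, as on a cargo ship, the "never plug in an unknown key" rule can be backed by a check of the kernel log for mass-storage devices that are not on an approved list. The script below is an added example, not code from the article, from Clubic or from any vendor: it parses Linux kernel USB attach messages in the usual syslog layout and reports any USB mass-storage device whose vendor id, product id and serial number are not on a hypothetical allowlist. The log lines and the allowlist entry are constructed for the demonstration.

```python
import re

# Constructed sample kernel log (syslog layout) showing two USB sticks being
# plugged in. These lines are invented for the example, not taken from a real host.
SAMPLE_LOG = """\
Mar 03 08:12:41 bridge-pc kernel: usb 1-2: new high-speed USB device number 5 using xhci_hcd
Mar 03 08:12:41 bridge-pc kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5581, bcdDevice= 1.00
Mar 03 08:12:41 bridge-pc kernel: usb 1-2: SerialNumber: 4C530001234567890123
Mar 03 08:12:42 bridge-pc kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
Mar 03 09:47:03 bridge-pc kernel: usb 1-3: new high-speed USB device number 6 using xhci_hcd
Mar 03 09:47:03 bridge-pc kernel: usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
Mar 03 09:47:03 bridge-pc kernel: usb 1-3: SerialNumber: DEADBEEF0001
Mar 03 09:47:04 bridge-pc kernel: usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Hypothetical allowlist of (idVendor, idProduct, SerialNumber) for keys issued by the
# operator. Anything else that enumerates as mass storage is reported.
ALLOWLIST = {("0781", "5581", "4C530001234567890123")}

# The kernel logs the identity of a device across several lines, keyed by its port path.
VENDOR_RE = re.compile(
    r"usb (?P<port>[\d.-]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})"
)
SERIAL_RE = re.compile(r"usb (?P<port>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE_RE = re.compile(r"usb-storage (?P<port>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")


def parse_usb_events(log_text):
    """Group the per-line kernel messages into one record per USB port path."""
    devices = {}
    for line in log_text.splitlines():
        m = VENDOR_RE.search(line)
        if m:
            # First line for a new device: record ids and the syslog timestamp prefix.
            devices[m["port"]] = {
                "vid": m["vid"], "pid": m["pid"], "serial": None,
                "storage": False, "time": line[:15],
            }
            continue
        m = SERIAL_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["serial"] = m["serial"]
            continue
        m = STORAGE_RE.search(line)
        if m and m["port"] in devices:
            # Only devices that bind to usb-storage can carry files onto the host.
            devices[m["port"]]["storage"] = True
    return devices


def unapproved_storage_devices(log_text, allowlist=ALLOWLIST):
    """Return (port, vid, pid, serial) for every mass-storage device not on the allowlist."""
    return [
        (port, d["vid"], d["pid"], d["serial"])
        for port, d in parse_usb_events(log_text).items()
        if d["storage"] and (d["vid"], d["pid"], d["serial"]) not in allowlist
    ]


if __name__ == "__main__":
    for port, vid, pid, serial in unapproved_storage_devices(SAMPLE_LOG):
        print(f"ALERT: unapproved USB storage on port {port}: {vid}:{pid} serial={serial}")
```

Run against the real file (for example `journalctl -k` output or /var/log/kern.log) the same function lists every storage device that was ever attached, which also helps answer the question raised above of when an infected key was actually used: the timestamp kept in each record dates the insertion even if the host was offline at the time.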