Threat Trends: APT by USB

In this week’s episode of The Defender’s Advantage Podcast, Threat Trends host Luke McNamara is joined by Mandiant analysts Tyler McLellan and John Wolfram for a discussion on the usage of USB as an infection vector as described in two recent Mandiant blog posts.

Tyler details the activity outlined in the most recent blog post on a new cyber espionage operation attributed to Turla Team (UNC4210), distributing the KOPILUWAK reconnaissance utility and QUIETCANARY backdoor to ANDROMEDA malware victims in Ukraine. John then jumps in to discuss another blog from late 2022 on cyber espionage activity from UNC4191 heavily leveraging USB devices as an initial infection vector, concentrated on the Philippines.

For more, read these blog posts:

• Turla: A Galaxy of Opportunity
• Always Another Secret: Lifting the Haze on China Nexus Espionage in Southeast Asia

You can follow Tyler McLellan at @tylabs and John Wolfram at @Big_Bad_W0lf_.

Don’t forget to rate, review and subscribe to The Defender’s Advantage Podcast where you listen to podcasts.