The use of USB devices as an initial access vector is unusual as they require some form of physical access — even if it is provided by an unwitting employee — to the target device.
Earlier this year the FBI warned that cybercriminals were sending malicious USB devices to American companies via the U.S. Postal Service with the aim of getting victims to plug them in and unwittingly compromise their networks...
The hackers behind it are concentrating on targets in the Philippines. The researchers assess the group has a China nexus, although it did not formally attribute the cyber espionage operation to a specific state-sponsored group. more