USB flash drives shipped with some of IBM’s Storwize storage products carry malware alongside the initialisation tool that is meant to be on the stick.
IBM said the USB drives were shipped with IBM Storwize V3700, V3500 and V5000 Gen 1 systems. IBM has declined to comment on where in the supply chain the infection was introduced, and referred requests to its advisory. “There’s no added statement at this time,” a representative said.
The malware is a dropper detected by Kaspersky Lab as Reconyc. The dropper is a cybercrime tool used to install other malware on infected computers. IBM said the infected drives carry part number 01AC585; Storwize systems with serial numbers beginning with 78D2 are not affected, IBM said. “Neither the IBM Storwize storage systems nor information stored on these sorts of systems are infected by this malicious code,” IBM said in its advisory, adding that other USB drives used for encryption key management are also not affected.
“When the initialisation tool is launched from the USB flash drive, the tool copies itself to a temporary folder on the hard drive of the desktop or laptop during normal operation,” IBM said.
The malware is copied along with the initialisation tool into the %TMP%\initTool temporary folder on Windows systems and into /tmp/initTool on Mac and Linux systems. “While the malicious file is duplicated onto the desktop computer or notebook, the file isn’t executed during initialisation,” IBM said.
IBM said that any customers who have used the initialisation drive on a Storwize system should check that the infected file has been removed by their anti-malware software, or follow the directions in the advisory to delete the directory. IBM suggests that customers delete the InitTool folder on the drive and download a fresh copy of the initialisation tool, or destroy the USB drives.
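As an added example (not from IBM’s advisory or this article), a Python script that applies the check and clean-up described above on a workstation: it looks for the leftover initTool folder in the temp locations the advisory names, lists each file’s size and SHA-256 so the listing can be compared with the anti-malware quarantine log, and deletes the folder only when `dry_run` is switched off. The `make_sample` fixture and its placeholder file are constructed for testing and are not real artefacts.

```python
import hashlib
import platform
import shutil
import tempfile
from pathlib import Path

FOLDER = "initTool"  # folder name given in the advisory

def candidate_dirs(base=None):
    """Temp folders from the advisory: %TMP%\\initTool (Windows), /tmp/initTool (Mac/Linux); `base` overrides the root."""
    if base is not None:
        return [Path(base) / FOLDER]
    roots = [tempfile.gettempdir()]           # honours %TMP% / %TEMP% on Windows
    if platform.system() != "Windows":
        roots.insert(0, "/tmp")
    return [Path(r) / FOLDER for r in dict.fromkeys(roots)]

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(base=None):
    """(path, size, sha256) for every file left behind, to match against the AV quarantine log before deleting."""
    found = []
    for d in candidate_dirs(base):
        if d.is_dir():
            found += [(str(p), p.stat().st_size, sha256_of(p))
                      for p in sorted(d.rglob("*")) if p.is_file()]
    return found

def remove_leftover(base=None, dry_run=True):
    """The advisory's remediation: delete the leftover folder; returns the folders removed (or that would be)."""
    removed = []
    for d in candidate_dirs(base):
        if d.is_dir():
            if not dry_run:
                shutil.rmtree(d)
            removed.append(str(d))
    return removed

def make_sample():
    """Constructed fixture, not a real artefact: throwaway temp root holding initTool/initTool.exe with placeholder bytes."""
    base = Path(tempfile.mkdtemp())
    (base / FOLDER).mkdir()
    (base / FOLDER / "initTool.exe").write_bytes(b"hello")
    return str(base)
```

Run `inventory()` first and review the listing; call `remove_leftover(dry_run=False)` only after confirming the anti-malware software has not already quarantined the file.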
Supply chain interdiction is a tactic used by nation-state actors to plant malware on hardware, enabling surveillance and data theft from critical systems. A WikiLeaks dump of CIA hacking tools and manuals included NightSkies, a tool purpose-built for factory-fresh iPhones, demonstrating the agency’s ability to get a surveillance tool installed within Apple’s supply chain.
In March, Check Point said it had found more than three dozen Android handsets infected with adware, information-stealing malware and ransomware that had been pre-installed somewhere along the supply chain. The handsets belonged to Check Point customers working for an unnamed multinational technology company or a large, unnamed telecommunications firm. The malware was added to the devices before they reached the users and was not part of the default ROM. On six of the devices, the attacker had system privileges, and the malware could not be removed without re-flashing the handset.