A notorious group of Russian state hackers, known by various names such as Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm, has expanded its cyber espionage activities beyond Ukraine. The group has unleashed USB-based malware named LitterDrifter, which is infecting organizations worldwide. Initially focused on Ukrainian entities, Gamaredon's reach has now extended globally, with the worm spreading unintentionally or deliberately to various countries including the USA, Vietnam, Chile, Poland, Germany, and even Hong Kong.
Since 2014, Gamaredon has been linked to Russia's Federal Security Service by the Security Service of Ukraine, and the group shows little concern for flying under the radar. Its campaigns primarily target Ukrainian organizations, aiming to gather comprehensive information using malware tools. LitterDrifter, a computer worm written in the Visual Basic Scripting language (VBScript), is one such tool.
Like the worms behind historically significant incidents, such as Stuxnet, created by the US National Security Agency and Israel, and non-USB-activated worms like NotPetya and WannaCry, LitterDrifter shows the potential for extensive reach that comes with self-propagation. Worms like LitterDrifter are notorious for their exponential growth.
LitterDrifter uses simple yet effective techniques in its spreader module. To infect removable USB drives, it creates decoy LNK shortcuts and hidden copies of the trash.dll file. The worm scans a computer's logical drives and identifies removable USB drives by looking for a MediaType value of null. It then recursively accesses subfolders and creates shortcuts in them, which facilitates the spread of the malware.
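A defender-side triage sketch for the artifacts described above, added here as an example and not taken from Check Point Research or from the malware itself: it walks a mounted removable drive and flags every folder where a `trash.dll` copy sits beside `.lnk` shortcuts. The function names, the severity labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

PAYLOAD_NAME = "trash.dll"   # payload file name given in the article
HIDDEN = 0x2                 # Windows FILE_ATTRIBUTE_HIDDEN bit


def is_hidden(path):
    """True if the Windows hidden attribute is set (always False elsewhere)."""
    return bool(getattr(os.stat(path), "st_file_attributes", 0) & HIDDEN)


def scan_drive(root):
    """Return one finding per folder under root that holds a trash.dll copy."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        payloads = [f for f in files if f.lower() == PAYLOAD_NAME]
        if not payloads:
            continue
        shortcuts = sorted(f for f in files if f.lower().endswith(".lnk"))
        findings.append({
            "folder": os.path.relpath(folder, root),
            "payload_hidden": is_hidden(os.path.join(folder, payloads[0])),
            "shortcuts": shortcuts,
            # Payload plus decoy shortcut matches the described pattern;
            # a lone trash.dll is only worth a manual look.
            "severity": "high" if shortcuts else "review",
        })
    return sorted(findings, key=lambda f: f["folder"])


def build_sample_tree(root):
    """Constructed sample: empty placeholder files, no real malware content."""
    layout = {
        ".": ["trash.dll", "Budget.lnk", "notes.txt"],
        "docs/reports": ["Trash.DLL", "Q3.lnk", "Summary.lnk"],
        "photos": ["holiday.jpg", "Album.lnk"],
        "tools": ["trash.dll"],
    }
    for folder, names in layout.items():
        target = os.path.join(root, folder)
        os.makedirs(target, exist_ok=True)
        for name in names:
            open(os.path.join(target, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as drive:
        build_sample_tree(drive)
        for finding in scan_drive(drive):
            print(finding)
```

On a real investigation, `scan_drive` would be pointed at the root of the mounted removable drive, ideally from an analysis host where shortcuts are never opened.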
Experts warn about the global threat posed by LitterDrifter and the potential damage it can inflict on organizations worldwide. Check Point Research has observed its unintentional or deliberate spread to various countries, indicating the extent of its reach and the need for enhanced security measures.
With the continued advancement of cyber threats like LitterDrifter, organizations must prioritize cybersecurity and implement robust measures to safeguard their systems and data. The global reach of this USB worm underscores the urgent need for international collaboration and information sharing to combat cybercrime effectively.
As the world becomes increasingly interconnected, hackers are taking advantage of vulnerabilities, which underlines the importance of proactive cybersecurity practices. The wide-scale impact of LitterDrifter serves as a wake-up call for governments, businesses, and individuals to remain vigilant and stay ahead of evolving cyber threats.