Big Board Alerts

November 23, 2023
Russian hackers unleash new USB-based cyber threat LitterDrifter

The Russian state-affiliated hacker group, known by various aliases including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm, has broadened its cyber espionage efforts beyond its initial focus on Ukraine, as per reporting by Computing. This expansion has been marked by the global spread of a USB-based malware known as LitterDrifter.

Historically linked to Russia’s Federal Security Service by Ukraine’s Security Service, Gamaredon has been active since 2014. Their operations have predominantly targeted Ukrainian organizations to collect comprehensive data through various malware tools, with LitterDrifter being a notable example. This particular malware is a computer worm written in the Visual Basic Scripting (VBScript) language.

The mechanics of LitterDrifter’s spread

The primary mechanism of LitterDrifter involves propagation through USB drives, leading to the persistent infection of devices. These infected devices then communicate with servers controlled by Gamaredon. Check Point Research has noted that LitterDrifter has inadvertently or intentionally spread to several countries, including the USA, Vietnam, Chile, Poland, Germany, and Hong Kong.

LitterDrifter rapidly replicates, a trait typical of computer worms. Its self-replicating nature mirrors significant cyber threats like Stuxnet, but it stands out with its USB-based activation, similar to worms like NotPetya and WannaCry.

LitterDrifter spreads by creating deceptive shortcut (LNK) files and hidden copies of a file named “trash.dll” on removable USB drives. It uses Windows Management Instrumentation (WMI) to enumerate a computer’s logical drives, specifically targeting removable USB drives identified by a null MediaType value. The worm then works through the subfolders on these drives, generating shortcuts that help disseminate the malware.
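For triage of a removable drive, the artifacts described above can be checked for directly. The following is an added example, not code from the article or from Check Point Research: the function names and the sample folder tree are constructed, and shortcuts are recognized by the Shell Link file header rather than by extension.

```python
import os
import tempfile

PAYLOAD_NAME = "trash.dll"   # file name reported in the article
# Shell Link (.lnk) header: HeaderSize 0x4C followed by the LinkCLSID.
LNK_MAGIC = bytes.fromhex("4c0000000114020000000000c000000000000046")
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows file attribute bit

def is_lnk(path):
    """True if the file starts with the Shell Link header, whatever its name."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(LNK_MAGIC)) == LNK_MAGIC
    except OSError:
        return False

def is_hidden(path):
    """Hidden attribute on Windows; False where the OS does not expose it."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)

def scan_drive(root):
    """Return one finding per folder that holds a file named trash.dll."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        payloads = [f for f in files if f.lower() == PAYLOAD_NAME]
        if not payloads:
            continue
        links = sorted(f for f in files if is_lnk(os.path.join(dirpath, f)))
        findings.append({"folder": os.path.relpath(dirpath, root),
                         "hidden": is_hidden(os.path.join(dirpath, payloads[0])),
                         "shortcuts": links})
    return sorted(findings, key=lambda f: f["folder"])

def build_sample(root):
    """Constructed tree standing in for a mounted removable drive."""
    samples = {"Docs/trash.dll": b"placeholder", "Docs/readme.txt": b"hello",
               "Docs/Budget.lnk": LNK_MAGIC + b"\0" * 56, "Photos/a.jpg": b"\xff\xd8"}
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for finding in scan_drive(tmp):
            print(finding)
```

Point `scan_drive` at the mount point or drive letter of the device under review; a folder reporting both `trash.dll` and one or more shortcuts matches the pattern described in the article and warrants closer inspection.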

The global spread of LitterDrifter signifies a worrying escalation in cyber espionage capabilities, highlighting the ongoing threat posed by state-affiliated hacking groups. The ease with which this malware spreads via USB drives emphasizes the importance of robust cybersecurity practices and awareness, particularly for organizations that handle sensitive data. As cyber threats continue to evolve, staying ahead of such risks is crucial for maintaining global cybersecurity integrity.

The post Russian hackers unleash new USB-based cyber threat LitterDrifter appeared first on ReadWrite.

 
