Check Point threat researchers recently discovered a USB worm dubbed LitterDrifter that the Gamaredon APT group used to target Ukrainian entities. The worm has now spread to a host of likely unintended targets in the US, Chile, Germany, Poland, Vietnam, and Hong Kong.
- The Russia-linked Gamaredon APT group has operated for over a decade and historically focused on operations against Ukrainian government, military, and news organizations. In 2021, the Ukrainian SBU exposed multiple Gamaredon members as employees of Russia’s Federal Security Service (FSB).
- The LitterDrifter malware can automatically spread to other USB drives on infected systems and execute payloads received from a flexible network of command-and-control (C2) servers. Gamaredon routinely changes the domains and IP addresses linked to its C2 servers. Check Point called the LitterDrifter malware unsophisticated but noted its effective approach to maintaining persistence on Ukrainian networks.
Read More:
https://www.securityweek.com/russias-litterdrifter-usb-worm-spreads-beyond-ukraine/