Security researchers have discovered a USB-spreader “worm” that they warn is being developed by state-sponsored Russian hackers to harm Ukrainian targets and is already spreading globally.
The LitterDrifter worm automatically spreads malware via a hidden file on USB drives, and the victim’s data is then transmitted back to the attackers.
Cybersecurity firm Check Point Software described the malware, designed to collect data and spy on communications, as “a unique player in the Russian espionage ecosystem.”
According to the researchers, the method of spreading via removable USB drives means it is difficult to limit the worm to its intended targets.
“Due to the nature of the USB worm, we are seeing signs of possible infection in countries as diverse as the US, Vietnam, Chile, Poland and Germany,” Check Point researchers wrote in a blog post detailing the threat.
“In addition, we have also observed evidence of infections in Hong Kong, which may indicate that LitterDrifter, like other USB worms, is spreading beyond its intended targets.
The Security Service of Ukraine (SSU) said the campaign had been identified as originating from Russian Federal Security Service (FSB) personnel.
According to Shane Huntley, senior director in the threat analysis group at tech giant Google, the Ukrainian government has been under “almost constant digital attack” since Russia invaded Ukraine last year.
“Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive combat advantage in cyberspace, often with uncertain results,” Huntley wrote in July.
Cyberattacks are also being carried out against NATO partners and Ukraine’s allies, and such attacks increased in 2023.
Ukraine’s National Cyber Security Coordination Center (NCSCC) recently announced that Russian-backed hackers were targeting European embassies.
This latest discovery shows how targeted attacks can easily spread globally when distributed in this way.
“The virus utilizes simple but effective techniques to ensure it can reach the widest possible audience in the region,” Check Point researchers said.
LitterDrifter is clearly designed to support a large-scale information-gathering operation.
