Russian state hackers spread USB worm worldwide

LitterDrifter worm has been traced back to Russia’s Federal Security Service

Anthony Cuthbertson
Wednesday 22 November 2023 15:38 GMT

Security researchers have discovered a USB-propagating “worm” developed by state-backed Russian hackers to infect Ukrainian targets, which they warn is now spreading globally.

The LitterDrifter worm automatically spreads malware via a hidden file within USB drives, with a victim’s data then transmitted back to the attackers.

Cyber security firm Check Point Software described the malware as “a unique player in the Russian espionage ecosystem”, designed to collect data and spy on communications.

The method of its distribution via removable USB drives means it is difficult to contain the worm to just the intended targets, according to the researchers.

“Due to the nature of the USB worm, we see indications of possible infection in various countries like the US, Vietnam, Chile, Poland and Germany,” Check Point researchers wrote in a blog post detailing the threat.

“In addition, we’ve observed evidence of infections in Hong Kong. All this might indicate that much like other USB worms, LitterDrifter has spread beyond its intended targets.”

The Security Service of Ukraine (SSU) said the campaign had been identified as originating from personnel within Russia’s Federal Security Service (FSB).

Since Russia’s invasion of Ukraine last year, the Ukrainian government has been under “near-constant digital attack”, according to Google’s Shane Huntley, who is a senior director at the tech giant’s threat analysis group.

“Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results,” Mr Huntley wrote in a July post.

Cyber attacks have also been perpetrated against Nato partners and Ukraine’s allies, with such attacks increasing in 2023.

Ukraine’s National Cybersecurity Coordination Center (NCSCC) recently revealed that Russian-backed hackers have been targeting European embassies.

The latest discovery demonstrates how targeted attacks can easily spread globally when distributed in such a manner.

“It leverages simple, yet effective techniques to ensure it can reach the widest possible set of targets in the region,” the Check Point researchers noted.

“It’s clear that LitterDrifter was designed to support a large-scale collection operation.”
