Russian state hackers spread USB worm worldwide

LitterDrifter worm has been traced back to Russia’s Federal Security Service

Anthony Cuthbertson
Wednesday 22 November 2023 15:38 GMT
Comments
Related video: Basic Cyber Threats and How to Protect Yourself

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Security researchers have discovered a USB propagating “worm” developed by state-backed Russian hackers to infect Ukrainian targets, which they warn is now spreading globally.

The LitterDrifter worm automatically spreads malware via a hidden file within USB drives, with a victim’s data then transmitted back to the attackers.

Cyber security firm Check Point Software described the malware as “a unique player in the Russian espionage ecosystem”, designed to collect data and spy on communications.

The method of its distribution via removable USB drives means it is difficult to contain the worm to just the intended targets, according to the researchers.

“Due to the nature of the USB worm, we see indications of possible infection in various countries like the US, Vietnam, Chile, Poland and Germany,” Check Point researchers wrote in a blog post detailing the threat.

“In addition, we’ve observed evidence of infections in Hong Kong. All this might indicate that much like other USB worms, LitterDrifter have spread beyond its intended targets.”

The Security Service of Ukraine (SSU) said the campaign had been identified as originating from personnel within Russia’s Federal Security Service (FSB).

Since Russia’s invasion of Ukraine last year, the Ukrainian government has been under “near-constant digital attack”, according to Google’s Shane Huntley, who is a senior director at the tech giant’s threat analysis group.

“Russian government-backed attackers have engaged in an aggressive, multi-pronged effort to gain a decisive wartime advantage in cyberspace, often with mixed results,” Mr Huntley wrote in a July post.

Cyber attacks have also been perpetrated against Nato partners and Ukraine’s allies, witch such attacks increasing in 2023.

Ukraine’s National Cybersecurity Coordination Center (NCSCC) recently revealed that Russian-backed hackers have been targeting European embassies.

The latest discovery demonstrates how targeted attacks can easily spread globally when distributed in such a manner.

“It leverages simple, yet effective techniques to ensure it can reach the widest possible set of targets in the region,” the Check Point researchers noted.

“It’s clear that LitterDrifter was designed to support a large-scale collection operation.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in