Threat Intelligence

Novel LitterDrifter USB worm leveraged by Gamaredon for cyberespionage

Ukrainian organizations have been targeted with the LitterDrifter USB worm in new cyberespionage attacks by Russian state-sponsored hacking operation Gamaredon, also known as Iron Tilden, Aqua Blizzard, Shuckworm, Primitive Bear, and Winterflounder, The Hacker News reports. The LitterDrifter worm distributes malware through a concealed file on a USB drive accompanied by a fraudulent LNK file before deploying "trash.dll" for initial orchestration, according to a Check Point report. LitterDrifter was also noted to have facilitated communications, since the beginning of 2023, with command-and-control servers extracted from a Telegram channel. While Ukraine-based entities are the primary target of LitterDrifter, evidence of potential USB worm compromise has been observed in the U.S., Chile, Germany, Poland, and Vietnam. "It's clear that LitterDrifter was designed to support a large-scale collection operation. It leverages simple, yet effective techniques to ensure it can reach the widest possible set of targets in the region," said Check Point researchers.
