Threat Analysis

Worldwide spread of USB worm by Russian state hackers

Morgan Phisher November 22, 2023

Hey there! I’m coming to you live from the San Francisco Bay Area with some interesting news about what’s happening in the world of cybersecurity.

You might want to take a second look at what’s on your USB device, especially if you’ve been sharing it around. According to some savvy cybersecurity sleuths, there’s this pesky little microbe of a ‘worm’ that’s been hitching rides on USB devices all over the globe.

Our story begins with Russian hackers – the ones that have your grandma double-checking her email before opening anything. It appears they’ve developed this ‘worm’, dubbed LitterDrifter, to target Ukrainians. Here’s where things get tricky, though: the worm doesn’t limit itself just to its initial target. I guess you could say it has ambitions of being a world traveler. The researchers note that this makes it particularly difficult to contain.

Thanks to the crafty nature of this USB worm, potential cases have popped up in several countries including ours, the U.S., as well as Vietnam, Chile, Poland, and Germany. What’s more, there’s evidence of the LitterDrifter worm being present in Hong Kong. It’s sort of like when a foreign bug you didn’t want stows away in your luggage, you know?

According to Ukraine’s Security Service, this digital invasion has roots in Russia’s Federal Security Service. Now, you might recall that Ukraine has been dealing with quite a bit of this type of aggression since they were invaded by Russia. In fact, one of Google’s threat analysis honchos, Shane Huntley, said the Ukrainian government had been under “near-constant digital attack”. Seems that these Russian government-backed factions have been trying to seize command in cyberspace.

And it’s not just Ukraine on the list of targets. Seems like these cyber assailants have been taking a shot at Ukraine’s allies and Nato partners too, which has been escalating in recent times.

Recently, Ukraine’s National Cybersecurity Coordination Center dropped a bombshell: Russian-backed hackers had been setting their sights on European embassies. Yikes!

But what does this all mean and why should we care? Well, it all circles back to how this new type of attack leaves a sizeable footprint. This worm essentially leverages simple, yet efficient techniques to spread as far and wide as it can.

The key takeaway here? The way the LitterDrifter worm was designed illustrates how a cyber weapon intended for specific targets can spiral into a full-blown global issue. It seems we may have to brace ourselves for a digital tsunami on the horizon. Stay safe out there, friends!

by Morgan Phisher | HEAL Security