Security News

A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group. Malware researchers saw indications of compromise in the United States, Ukraine, Germany, Vietnam, Poland, Chile, and Hong Kong, which suggests that the threat group lost control of LittleDrifter, which reached unintended targets.

Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities....

A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. Secure USB drives store files in an encrypted part of the device and are used to safely transfer data between systems, including those in an air-gapped environment.

Government entities in the Asia-Pacific (APAC) region are the target of a long-running cyber espionage campaign dubbed TetrisPhantom. "The attacker covertly spied on and harvested sensitive data...

In its 2023 Mid-Year Cyber Security Report, Check Point Software spotlighted numerous exploits so far this year, including novel uses of artificial intelligence and an old-school attack vector: USB drives. Check Point also reported that state-aligned threat actors are even launching 10-year-old infections such as ANDROMEDA via USB drives.

Cyber attacks using infected USB infection drives as an initial access vector have witnessed a three-fold increase in the first half of 2023,. SOGU is the "Most prevalent USB-based cyber espionage attack using USB flash drives and one of the most aggressive cyber espionage campaigns targeting both public and private sector organizations globally across industry verticals," the Google-owned threat intelligence firm said.

What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023. Previously, in November 2022, the cybersecurity company highlighted a China-nexus campaign leveraging USB devices to infect entities in the Philippines with four distinct malware families.

Malware intended to spread on USB drives is unintentionally infecting networked storage devices, according to infosec vendor Checkpoint. "Upon returning to his home hospital in Europe, the employee introduced the infected USB drive to the hospital's computer systems, which led the infection to spread.".

The Chinese cyber espionage actor known as Camaro Dragon has been observed leveraging a new strain of self-propagating malware that spreads through compromised USB drives. The cybersecurity company, which found evidence of USB malware infections in Myanmar, South Korea, Great Britain, India, and Russia, said the findings are the result of a cyber incident that it investigated at an unnamed European hospital in early 2023.

Symantec's threat research team, part of Broadcom, reports today that the threat actors have recently begun using USB malware to propagate to additional systems inside infected networks. Symantec's analysts report that Gamaredon's 2023 activity spiked between February and March 2023, while the hackers continued to maintain a presence on some compromised machines until May 2023.