Re: USB worm unleashed by Russian state hackers sp...

Caute_cautim · ‎11-22-2023

Hi All

It appears the Russians have a successful attack vector via USB Keys "LittleDrifter", which appears to keep propagating widely.

Sounds like security education and awareness needs beefing up?

https://arstechnica.com/security/2023/11/normally-targeting-ukraine-russian-state-hackers-spread-usb...

Regards

Caute_Cautim

JoePete · ‎11-23-2023

I find a lot of the reporting of malware falls into the fear-mongering category as it typically fails to describe the platform involved and vector of attack. The description points to Windows malware (Visual Basic script and Windows Management Instrumentation) and the vector doesn't really seem to qualify as a worm as it seems like some user interaction is involved, even beyond plugging in the USB drive - seems lie the malware is accessed through shortcut (i.e. .lnk) file so that would seem to say a user must click it/run it somehow?

Maybe I am missing something, but it seems like it is just another flavor of VB malware.

Caute_cautim · ‎11-23-2023

@JoePete In the old days, I would agree with you, but a lot of these attacks are directed in this case specifically towards Ukraine via a state nation, and it then appears to have spread further than expected.

We appear to in an era of secondary outcomes, or targets, the main target being the intended victim or country, but with unintended consequences, as it is allowed to carry on after it has been released.

Regards

Caute_Cautim

USB worm unleashed by Russian state hackers spreads worldwide