SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
New worm named LitterDrifter heightens global cyber threat landscape
Tue, 21st Nov 2023

Check Point Research has revealed how ongoing geopolitical conflicts are shaping the global cyber threat landscape. The research focused on Gamaredon, a significant player in Russian cyber espionage known especially for its large-scale campaigns targeting Ukrainian entities. The group's latest instrument, a USB-propagating worm named LitterDrifter, illustrates an advancement in their tactics.

LitterDrifter is a worm written in VBS with two main functions. It is designed to spread automatically via USB drives while maintaining communication with a changeable network of command-and-control servers. This capability aligns with Gamaredon's objective of achieving persistent access to its targets.

Although Gamaredon traditionally focuses on Ukrainian entities, the global impact of LitterDrifter is becoming apparent, Check Point Research says. Potential infections originating from LitterDrifter have been observed in various locations worldwide, including the USA, Vietnam, Chile, Poland, Germany, and Hong Kong. The propagation of the worm beyond its intended audience underlines its broader threat to global cybersecurity.

In the ever-diversifying field of cybersecurity threats, certain entities like Gamaredon stand out due to their audacity and determination. The group, alternatively known as Primitive Bear, ACTINIUM, and Shuckworm, is a notable actor in Russian espionage with a distinct focus on Ukrainian entities. Unlike many cyber espionage factions working under the radar, Gamaredon is characteristically conspicuous with its large-scale campaigns, leaving traces that cybersecurity researchers can explore. This research specifically analyses one of Gamaredon's notorious tools - the LitterDrifter worm.

Gamaredon differentiates itself by regularly targeting an extensive range of Ukrainian institutions, demonstrating an unwavering commitment to its espionage objectives. The Security Service of Ukraine (SSU) has linked Gamaredon personnel to the Russian Federal Security Service (FSB), introducing an intriguing geopolitical aspect to the group's initiatives.

The comprehensive analysis conducted by Check Point Research delved into Gamaredon's command-and-control infrastructure, highlighting its remarkable flexibility and volatility. Despite these fluctuating traits, the infrastructure exhibits previously reported patterns and characteristics, indicating a certain consistency in Gamaredon's operations.

As experts continue to disentangle the intricate web of state-sponsored cyber espionage, Gamaredon remains a focal point due to its threat level, Check Point Research says. The LitterDrifter worm testifies to the group's adaptability and innovation, showcasing the incessant progression of cyber threats. Understanding and dissecting such malware is essential for reinforcing global cybersecurity defences against increasingly advanced adversaries.

Furthermore, Check Point Research says its customers remain protected against the attacks disclosed in this report, highlighting its effectiveness in accurately preventing advanced attacks.