Litterdrifter

Malware updated 7 months ago (2024-05-04T19:28:12.105Z)
LitterDrifter is malware identified as a tool of the Russian Advanced Persistent Threat (APT) group Gamaredon. It spreads via USB drives, which allows both direct and indirect infection of targeted systems. It was initially observed in use against Ukraine, but its reach has since expanded globally.

The first instances of Gamaredon using LitterDrifter were reported in November 2023. The malware was propagated through USB devices and primarily targeted Ukrainian systems, but it quickly became clear that this was not an isolated attack and was instead part of a broader campaign by the group. Since then, Gamaredon's LitterDrifter worm has been found in a diverse range of countries, including Chile, Germany, Poland, South Korea, the US, and Vietnam. This indicates a significant escalation in Gamaredon's activities and suggests a global threat. It underscores the need for robust cybersecurity measures, particularly around removable storage devices, to prevent further propagation of this malware.
Description last updated: 2024-05-04T16:37:45.544Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Worm
Malware
Telegram
APT
Ukraine
Associated Threat Actors
Description: The Gamaredon Threat Actor is associated with Litterdrifter. Gamaredon, a Russia-aligned threat actor, has emerged as one of the most active Advanced Persistent Threat (APT) groups in Ukraine, particularly since Russia's 2022 invasion of the country. Composed of regular officers from the Russian Federal Security Service (FSB) and some former law enforcement o…
Association Type: has used
Votes: 6

Description: The Gamaredon Group Threat Actor is associated with Litterdrifter. The Gamaredon group, a threat actor active since at least 2013, uses sophisticated techniques to execute malicious campaigns. Notably, they employ signed binaries (T1116) in their operations and utilize tools coded in C/C++, C#, batch file, and VBScript. Despite the relative simplicity of their tool…
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Litterdrifter malware was read from the document corpus below. This display is limited to 20 results.
Source | Created At
CERT-EU | 8 months ago
DARKReading | 8 months ago
Securityaffairs | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
Securityaffairs | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
Securityaffairs | a year ago
Securityaffairs | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago