Litterdrifter

Malware updated 4 months ago (2024-05-04T19:28:12.105Z)

Download STIX

Preview STIX

LitterDrifter is a malicious software (malware) that has been identified as a tool of the Russian Advanced Persistent Threat (APT) group, Gamaredon. This malware is particularly insidious as it is spread via USB drives, allowing for both direct and indirect infection of targeted systems. It was initially observed in use against Ukraine, but its reach has since expanded globally. The first instances of LitterDrifter being used by Gamaredon were reported in November 2023. The malware was propagated through USB devices and primarily targeted Ukrainian systems. However, it quickly became clear that this was not an isolated attack but part of a broader campaign by the Russian APT group. Since then, Gamaredon's LitterDrifter worm has been found in a diverse range of countries including Chile, Germany, Poland, South Korea, the US, and Vietnam. This indicates a significant escalation in Gamaredon's activities and suggests a global threat. It underscores the need for robust cybersecurity measures, particularly in relation to removable storage devices, to prevent further propagation of this harmful malware.

Description last updated: 2024-05-04T16:37:45.544Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Worm

Malware

Apt

Ukraine

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
Gamaredon	has used	6	Gamaredon, a Russian Advanced Persistent Threat (APT) group, has been identified as a significant threat actor in the cybersecurity landscape. Notably, it has employed the USB worm LitterDrifter in a series of cyberattacks against Ukraine, demonstrating its capacity for sophisticated and disruptive
Gamaredon Group	Unspecified	2	The Gamaredon group, a threat actor active since at least 2013, uses sophisticated techniques to execute malicious campaigns. Notably, they employ signed binaries (T1116) in their operations and utilize tools coded in C/C++, C#, batch file, and VBScript. Despite the relative simplicity of their tool

Source Document References

Information about the Litterdrifter Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
CERT-EU	6 months ago	'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
DARKReading	6 months ago	'The Weirdest Trend in Cybersecurity': Nation-States Returning to USBs
Securityaffairs	8 months ago	Security Affairs newsletter Round 452 by Pierluigi Paganini
CERT-EU	8 months ago	Security Affairs newsletter Round 452 by Pierluigi Paganini \| #ransomware \| #cybercrime \| National Cyber Security Consulting
CERT-EU	8 months ago	Security Affairs newsletter Round 451 by Pierluigi Paganini \| #hacking \| #cybersecurity \| #infosec \| #comptia \| #pentest \| #ransomware \| National Cyber Security Consulting
Securityaffairs	8 months ago	Security Affairs newsletter Round 451 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 449 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 447 by Pierluigi Paganini
CERT-EU	10 months ago	Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
CERT-EU	10 months ago	Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks
Securityaffairs	10 months ago	Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine
Securityaffairs	9 months ago	Security Affairs newsletter Round 447 by Pierluigi Paganini
CERT-EU	9 months ago	Russian Hackers Have New Tools
CERT-EU	9 months ago	Security Week In Review: November 24, 2023
CERT-EU	9 months ago	Russian hackers unleash new USB-based cyber threat LitterDrifter
CERT-EU	9 months ago	Russian USB malware spreads worldwide, beyond its Ukraine targets
CERT-EU	9 months ago	Russian state hackers unleash USB worm with global reach
CERT-EU	10 months ago	‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone
CERT-EU	10 months ago	‘LitterDrifter’ Russian USB Worm Leaks from Ukraine War Zone
CERT-EU	10 months ago	Novel LitterDrifter USB worm leveraged by Gamaredon for cyberespionage