Hackers from the Russian group Gamaredon, known for its cyberattacks on Ukraine and cooperation with Russian services, have begun distributing new malware via USB.

The new attack was discovered by researchers from Check Point Research. Known as LittleDrifter, the new malware, like all previous cyberattacks by Gamaredon, is aimed at collecting data.

Although this attack was targeted at Ukraine, due to the peculiarity of the USB worm, the malware also reportedly affected the United States, Germany, Vietnam, Chile, and Poland. There are also reports of evidence of the malware being used in Hong Kong.

“The LitterDrifter worm is written in VBS and has two main functionalities: automatic spreading over USB drives, and communication with a broad, flexible set of command-and-control servers. These features are implemented in a manner that aligns with the group’s goals, effectively maintaining a persistent command and control (C2) channel across a wide array of targets. LitterDrifter seems to be an evolution of a previously reported activity tying Gamaredon group to a propagating USB Powershell worm,” said Check Point Research.

Check Point Research has conducted a detailed investigation of this malware, which can be found in the article on their website.