
12 INTERNATIONAL Friday, 24 November 2023




Russian Hacker Group Widens Scope with USB-Based Espionage Malware

A Russian-state hacking group, recognized by various aliases including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm, notorious for its exclusive focus on Ukrainian targets, has recently expanded its reach. Whether intentionally or accidentally, the group has allowed USB-based espionage malware to infect organizations in several countries, moving beyond its usual Ukrainian targets.

Active since at least 2014 and attributed to Russia’s Federal Security Service by Ukraine’s Security Service, Gamaredon operates unlike many Kremlin-backed groups, displaying a disregard for maintaining a low profile.

In contrast to discreet operations, Gamaredon’s espionage campaigns are easily detectable and traceable back to the Russian government. These campaigns primarily involve malware designed to extract extensive information from targeted Ukrainian organizations.

Among the tools employed by the group is a computer worm identified by Check Point Research as LitterDrifter. Written in Visual Basic Scripting language, LitterDrifter has a dual purpose: widespread transmission between USB drives and the permanent infection of devices connected to these drives. The infected devices establish a continuous communication link with Gamaredon-operated command-and-control servers.

While Gamaredon maintains its focus on Ukrainian entities, the USB worm, LitterDrifter, has shown signs of spreading beyond its intended targets. Check Point researchers have detected possible infections in countries such as the USA, Vietnam, Chile, Poland, and Germany. Additionally, evidence of infections has been observed in Hong Kong, indicating a broader geographical impact.

The nature of the USB-based malware suggests a potential expansion beyond intentional targets, either through inadvertent infections or a shift in the hacking group’s strategy. This development raises concerns about the global reach of Gamaredon’s activities and the potential for the USB worm to compromise organizations beyond its original scope.

As cybersecurity experts closely monitor these developments, the increased geographical footprint of Gamaredon’s malware underscores the evolving and expanding threats posed by state-sponsored hacking groups, emphasizing the need for robust cybersecurity measures on a global scale.