The group known as Gamaredon has been linked to Russia's Federal Security Service by the Security Service of Ukraine, and it is fond of attracting attention. Its espionage-motivated campaigns targeting large numbers of Ukrainian organisations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware to obtain as much information from targets as possible.
One of those tools is a computer worm designed to spread from computer to computer through USB drives. Tracked by researchers from Check Point Research as LitterDrifter, the malware is written in the Visual Basic Scripting language.
LitterDrifter serves two purposes: to spread promiscuously from USB drive to USB drive, and to permanently infect the devices that connect to such drives with malware that permanently communicates with Gamaredon-operated command and control servers.
Check Point said that Gamaredon continues to focus on various Ukrainian targets. Still, due to the nature of the USB worm, there are indications of possible infection in other countries.
"In addition, we've observed evidence of infections in Hong Kong. All this might indicate that much like other USB worms, LitterDrifter has spread beyond its intended targets," Check Point said.
VirusTotal submissions usually come from people or organisations that encounter unfamiliar or suspicious-looking software on their networks and want to know if it's malicious.
The data suggests that the number of infections in the US, Vietnam, Chile, Poland, and Germany may be roughly half of those hitting organisations inside Ukraine.