this post was submitted on 23 Nov 2023
137 points (96.0% liked)

Technology

58055 readers
4884 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
L4s@lemmy.world
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
137
USB worm unleashed by Russian state hackers spreads worldwide | Ars Technica (arstechnica.com)
submitted 9 months ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
14 comments fedilink hide all child comments
top 14 comments
sorted by: hot top controversial new old
[–] tsonfeir@lemm.ee 45 points 9 months ago (1 children)

Once again, it’s an exploit for VB, on Windows. So, don’t use Windows and you’re fine. 😎

[–] mindlight@lemm.ee 5 points 9 months ago (4 children)

What do you recommend that is exploit free?

[–] Ibaudia@lemmy.world 29 points 9 months ago (1 children)

Pen and paper

[–] GentlemanLoser@ttrpg.network 10 points 9 months ago (1 children)

Stylus and cuneiform tablets

[–] samus12345@lemmy.world 7 points 9 months ago (1 children)

Grunting and hand gestures

[–] MyTurtleSwimsUpsideDown@kbin.social 11 points 9 months ago (2 children)

Pheromones and farts

[–] otter@lemmy.ca 5 points 9 months ago

Now that's a new band name

[–] Senseless@feddit.de 1 points 9 months ago

There's were I see myself.

[–] Socsa@sh.itjust.works 15 points 9 months ago* (last edited 9 months ago) (1 children)

A properly educated user.

Absent that, a properly secured thin client.

All of my excel jockeys have about as many userspace privileges as my dog on a 737.

[–] tsonfeir@lemm.ee 10 points 9 months ago

I’ve got some tin cans if you’ve got the string.

[–] kogasa@programming.dev 0 points 9 months ago

You're gonna have to settle for VB free

[–] autotldr@lemmings.world 5 points 9 months ago

This is the best summary I could come up with:

A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, either accidentally or purposely, by allowing USB-based espionage malware to infect a variety of organizations in other countries.

“Gamaredon continues to focus on [a] wide variety [of] Ukrainian targets, but due to the nature of the USB worm, we see indications of possible infection in various countries like USA, Vietnam, Chile, Poland and Germany,” Check Point researchers reported recently.

The image above, tracking submissions of LitterDrifter to the Alphabet-owned VirusTotal service, indicates that the Gamaredon malware may be infecting targets well outside the borders of Ukraine.

The data suggests that the number of infections in the US, Vietnam, Chile, Poland, and Germany combined may be roughly half of those hitting organizations inside Ukraine.

The core essence of the Spreader module lies in recursively accessing subfolders in each drive and creating LNK decoy shortcuts, alongside a hidden copy of the “trash.dll” file.

“Comprised of two primary components—-a spreading module and a C2 module—it’s clear that LitterDrifter was designed to support a large-scale collection operation,” Check Point researchers wrote.

The original article contains 739 words, the summary contains 185 words. Saved 75%. I'm a bot and I'm open source!