{"id":54638,"date":"2023-11-22T15:02:36","date_gmt":"2023-11-22T15:02:36","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/35221\/USB-Worm-Unleashed-By-Russian-State-Hackers-Spreads-Worldwide.html"},"modified":"2023-11-22T15:02:36","modified_gmt":"2023-11-22T15:02:36","slug":"usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/","title":{"rendered":"USB Worm Unleashed By Russian State Hackers Spreads Worldwide"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/malicious-usb-800x800.jpg\" alt=\"USB worm unleashed by Russian state hackers spreads worldwide\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Getty Images<\/div>\n<\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/security\/2023\/11\/normally-targeting-ukraine-russian-state-hackers-spread-usb-worm-worldwide\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">66<\/span> <span class=\"visually-hidden\"> with <\/span> <\/a> <\/aside>\n<p> <!-- cache hit 85:single\/related:b82aa8499b1b55c3a9fd3a79a4e157a8 --><!-- empty --><\/p>\n<p>A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months, either accidentally or purposely, by allowing USB-based espionage malware to infect a variety of organizations in other countries.<\/p>\n<p>The group\u2014known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm\u2014has been active since at least 2014 and has been attributed to Russia\u2019s Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn&#8217;t care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible.<\/p>\n<p>One of those tools is a computer worm designed to spread from computer to computer through USB drives. Tracked by researchers from Check Point Research as LitterDrifter, the malware is written in the Visual Basic Scripting language. LitterDrifter serves two purposes: to promiscuously spread from USB drive to USB drive and to permanently infect the devices that connect to such drives with malware that permanently communicates with Gamaredon-operated command-and-control servers.<\/p>\n<p>\u201cGamaredon continues to focus on [a] wide variety [of] Ukrainian targets, but due to the nature of the USB worm, we see indications of possible infection in various countries like USA, Vietnam, Chile, Poland and Germany,\u201d Check Point researchers <a href=\"https:\/\/research.checkpoint.com\/2023\/malware-spotlight-into-the-trash-analyzing-litterdrifter\/\">reported recently<\/a>. \u201cIn addition, we\u2019ve observed evidence of infections in Hong Kong. All this might indicate that much like other USB worms, LitterDrifter [has] spread beyond its intended targets.\u201d<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litter-drifter-virustotal.webp\" class=\"enlarge\" data-height=\"436\" data-width=\"708\" alt=\"VirusTotal Submissions of LitterDrifter.\"><img loading=\"lazy\" decoding=\"async\" alt=\"VirusTotal Submissions of LitterDrifter.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litter-drifter-virustotal-640x394.webp\" width=\"640\" height=\"394\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litter-drifter-virustotal.webp 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litter-drifter-virustotal.webp\" class=\"enlarge-link\" data-height=\"436\" data-width=\"708\">Enlarge<\/a> <span class=\"sep\">\/<\/span> VirusTotal Submissions of LitterDrifter.<\/div>\n<div class=\"caption-credit\">Check Point Research<\/div>\n<\/figcaption><\/figure>\n<p>The image above, tracking submissions of LitterDrifter to the Alphabet-owned VirusTotal service, indicates that the Gamaredon malware may be infecting targets well outside the borders of Ukraine. VirusTotal submissions usually come from people or organizations that encounter unfamiliar or suspicious-looking software on their networks and want to know if it\u2019s malicious. The data suggests that the number of infections in the US, Vietnam, Chile, Poland, and Germany combined may be roughly half of those hitting organizations inside Ukraine.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-execution-flow.webp\" class=\"enlarge\" data-height=\"741\" data-width=\"662\" alt=\"The execution flow of LitterDrifter.\"><img loading=\"lazy\" decoding=\"async\" alt=\"The execution flow of LitterDrifter.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-execution-flow-640x716.webp\" width=\"640\" height=\"716\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-execution-flow.webp 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-execution-flow.webp\" class=\"enlarge-link\" data-height=\"741\" data-width=\"662\">Enlarge<\/a> <span class=\"sep\">\/<\/span> The execution flow of LitterDrifter.<\/div>\n<div class=\"caption-credit\">Check Point Research<\/div>\n<\/figcaption><\/figure>\n<p>Worms are forms of malware that spread without requiring a user to take any action. As self-propagating software, worms are notorious for explosive growth at exponential scales. Stuxnet, the worm created by the US National Security Agency and its counterpart from Israel, has been a cautionary tale for spy agencies. Its creators intended Stuxnet to infect only a relatively small number of Iranian targets participating in that country\u2019s uranium enrichment program. Instead, Stuxnet spread far and wide, infecting an estimated 100,000 computers worldwide. Non-USB-activated worms such as NotPetya and WannaCry have infected even more.<\/p>\n<p>LitterDrifter provides a similar means for spreading. Check Point researchers explained:<\/p>\n<blockquote>\n<p>The core essence of the Spreader module lies in recursively accessing subfolders in each drive and creating LNK decoy shortcuts, alongside a hidden copy of the \u201ctrash.dll\u201d file.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/trashdll.webp\" class=\"enlarge\" data-height=\"178\" data-width=\"1111\" alt=\"trash.dll is distributed as a hidden file in a USB drive together with a decoy LNK.\"><img loading=\"lazy\" decoding=\"async\" alt=\"trash.dll is distributed as a hidden file in a USB drive together with a decoy LNK.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/trashdll-640x103.webp\" width=\"640\" height=\"103\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/trashdll.webp 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/trashdll.webp\" class=\"enlarge-link\" data-height=\"178\" data-width=\"1111\">Enlarge<\/a> <span class=\"sep\">\/<\/span> trash.dll is distributed as a hidden file in a USB drive together with a decoy LNK.<\/div>\n<\/figcaption><\/figure>\n<p>Upon execution, the module queries the computer\u2019s logical drives using Windows Management Instrumentation (WMI), and searches for logical disks with the&nbsp;<code>MediaType<\/code>&nbsp;value set to&nbsp;<code>null<\/code>, a method often used to identify removable USB drives.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/LitterDrifter-spreader-component.webp\" class=\"enlarge\" data-height=\"296\" data-width=\"822\" alt=\"LitterDrifter\u2019s spreader component.\"><img loading=\"lazy\" decoding=\"async\" alt=\"LitterDrifter\u2019s spreader component.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/LitterDrifter-spreader-component-640x230.webp\" width=\"640\" height=\"230\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/LitterDrifter-spreader-component.webp 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/LitterDrifter-spreader-component.webp\" class=\"enlarge-link\" data-height=\"296\" data-width=\"822\">Enlarge<\/a> <span class=\"sep\">\/<\/span> LitterDrifter\u2019s spreader component.<\/div>\n<div class=\"caption-credit\">Check Point Research<\/div>\n<\/figcaption><\/figure>\n<p>For each logical drive detected, the spreader invokes the&nbsp;<code>createShortcutsInSubfolders<\/code>&nbsp;function. Within this function, it iterates the subfolders of a provided folder up to a depth of 2.<\/p>\n<p>For every subfolder, it employs the&nbsp;<code>CreateShortcut<\/code>&nbsp;function as part of the \u201c<code>Create LNK<\/code>\u201d action, which is responsible for generating a shortcut with specific attributes. These shortcuts are LNK files that are given random names chosen from an array in the code. This is an example of the lure\u2019s names from an array in one of the samples that we investigated:<code>(\"Bank_acc\u043eunt\", \"\u043f\u043e\u0441\u0442\u0430\u043d\u043e\u0432a\", \"Bank_acc\u043eunt\", \"\u0441\u043b\u0443\u0436\u0431\u043e\u0432a\", \"c\u043empromising_evidence\")<\/code>. The LNK files use wscript.exe **** to execute \u201ctrash.dll\u201d with specified arguments&nbsp;<code>\" \"\"trash.dll\"\" \/webm \/\/e:vbScript \/\/b \/wm \/cal \"<\/code>. In addition to generating the shortcut, the function also creates a hidden copy of \u201ctrash.dll\u201d in the subfolder.<\/p>\n<figure class=\"image shortcode-img center large\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-subfolder-iteration.webp\" class=\"enlarge\" data-height=\"330\" data-width=\"683\" alt=\" The function in the Spreader component used to iterate subfolders.\"><img loading=\"lazy\" decoding=\"async\" alt=\" The function in the Spreader component used to iterate subfolders.\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-subfolder-iteration-640x309.webp\" width=\"640\" height=\"309\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-subfolder-iteration.webp 2x\"><\/a><figcaption class=\"caption\">\n<div class=\"caption-text\"><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/litterdrifter-subfolder-iteration.webp\" class=\"enlarge-link\" data-height=\"330\" data-width=\"683\">Enlarge<\/a> <span class=\"sep\">\/<\/span> The function in the Spreader component used to iterate subfolders.<\/div>\n<div class=\"caption-credit\">Check Point Research<\/div>\n<\/figcaption><\/figure>\n<\/blockquote>\n<p>The techniques described are relatively simple, but as evidenced, they\u2019re plenty effective, so much so that they have allowed it to break out of its previous Ukrainian-only targeting domain to a much bigger realm. People who want to know if they\u2019ve been infected can check the Check Point post\u2019s indicators of compromise section, which lists file hashes, IP addresses, and domains used by the malware.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>\u201cComprised of two primary components\u2014-a spreading module and a C2 module\u2014it\u2019s clear that LitterDrifter was designed to support a large-scale collection operation,\u201d Check Point researchers wrote. \u201cIt leverages simple, yet effective techniques to ensure it can reach the widest possible set of targets in the region.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/35221\/USB-Worm-Unleashed-By-Russian-State-Hackers-Spreads-Worldwide.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":54639,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9225],"class_list":["post-54638","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackergovernmentmalwarerussiacyberwar"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>USB Worm Unleashed By Russian State Hackers Spreads Worldwide 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"USB Worm Unleashed By Russian State Hackers Spreads Worldwide 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-11-22T15:02:36+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/malicious-usb-800x800.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"USB Worm Unleashed By Russian State Hackers Spreads Worldwide\",\"datePublished\":\"2023-11-22T15:02:36+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/\"},\"wordCount\":828,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg\",\"keywords\":[\"headline,hacker,government,malware,russia,cyberwar\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/\",\"name\":\"USB Worm Unleashed By Russian State Hackers Spreads Worldwide 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg\",\"datePublished\":\"2023-11-22T15:02:36+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/11\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg\",\"width\":760,\"height\":539},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,malware,russia,cyberwar\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentmalwarerussiacyberwar\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"USB Worm Unleashed By Russian State Hackers Spreads Worldwide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"USB Worm Unleashed By Russian State Hackers Spreads Worldwide 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/","og_locale":"en_US","og_type":"article","og_title":"USB Worm Unleashed By Russian State Hackers Spreads Worldwide 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-11-22T15:02:36+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/11\/malicious-usb-800x800.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"USB Worm Unleashed By Russian State Hackers Spreads Worldwide","datePublished":"2023-11-22T15:02:36+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/"},"wordCount":828,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg","keywords":["headline,hacker,government,malware,russia,cyberwar"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/","url":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/","name":"USB Worm Unleashed By Russian State Hackers Spreads Worldwide 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg","datePublished":"2023-11-22T15:02:36+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/11\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide.jpg","width":760,"height":539},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/usb-worm-unleashed-by-russian-state-hackers-spreads-worldwide\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,malware,russia,cyberwar","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentmalwarerussiacyberwar\/"},{"@type":"ListItem","position":3,"name":"USB Worm Unleashed By Russian State Hackers Spreads Worldwide"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54638","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54638"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54638\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/54639"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54638"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54638"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54638"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}