A malware-laden storage drive may have helped Russia spy on military activities in Ukraine.
Cybersecurity vendor Symantec recently uncovered the attack, including evidence that the Windows-based malware arrived through an “infected removable drive.” It found that targeted PCs created a registry key, which indicates the machine accessed a malicious file from the location “D:\files.lnk.” The D drive is often assigned to removable drives.
After the file was accessed, the targeted PC then ran Windows Explorer and the legitimate Microsoft utility Mshta.exe to deliver what appeared to be a malicious VBScript payload. The apparent goal was to deliver a final payload—malware known as “GammaSteel”—which can identify and steal numerous files by sending them to a hacker-controlled server.
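The chain described above (a shortcut opened from a removable drive, then Explorer starting Mshta.exe) can be hunted for in endpoint telemetry. The following is an added example, not code from Symantec or from this article; the event field names, the `C:` system drive, the 60-second window and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
import ntpath  # Windows path parsing that also works on non-Windows analysis hosts

# Constructed sample telemetry, not data from the Symantec report. The field
# names are hypothetical; map them to your own EDR or Sysmon schema.
EVENTS = [
    {"host": "ws-01", "time": "2025-02-26T09:14:02", "type": "lnk_open",
     "path": r"D:\files.lnk"},
    {"host": "ws-01", "time": "2025-02-26T09:14:05", "type": "process",
     "image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe"},
    # Shortcut on the system drive: not the removable-drive pattern.
    {"host": "ws-02", "time": "2025-02-26T10:00:00", "type": "lnk_open",
     "path": r"C:\Users\Public\Desktop\notes.lnk"},
    {"host": "ws-02", "time": "2025-02-26T10:00:03", "type": "process",
     "image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe"},
    # Off-system-drive shortcut, but mshta.exe starts far outside the window.
    {"host": "ws-03", "time": "2025-02-26T11:00:00", "type": "lnk_open",
     "path": r"E:\photos.lnk"},
    {"host": "ws-03", "time": "2025-02-26T12:30:00", "type": "process",
     "image": r"C:\Windows\System32\mshta.exe", "parent": r"C:\Windows\explorer.exe"},
]

def _name(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path).lower()

def find_lnk_to_mshta(events, system_drive="C:", window_s=60):
    """Return (host, lnk_path) pairs where explorer.exe started mshta.exe
    within window_s seconds after a .lnk was opened from a non-system drive."""
    window = timedelta(seconds=window_s)
    recent_lnk = {}  # host -> (time, path) of the last off-system-drive shortcut
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["type"] == "lnk_open":
            drive = ntpath.splitdrive(ev["path"])[0].upper()
            if drive and drive != system_drive and _name(ev["path"]).endswith(".lnk"):
                recent_lnk[ev["host"]] = (ts, ev["path"])
        elif ev["type"] == "process":
            if _name(ev["image"]) == "mshta.exe" and _name(ev["parent"]) == "explorer.exe":
                seen = recent_lnk.get(ev["host"])
                if seen and ts - seen[0] <= window:
                    alerts.append((ev["host"], seen[1]))
    return alerts

if __name__ == "__main__":
    for host, lnk in find_lnk_to_mshta(EVENTS):
        print(f"ALERT {host}: mshta.exe launched by explorer.exe after {lnk}")
```

Treating every non-system drive letter as removable is a simplification; where the telemetry records the volume type, filter on that instead.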
Symantec has attributed the attack to a Russian hacking group called Shuckworm or Gamaredon, which has been active since at least 2013. The Ukrainian government alleges that the hacking group works for Russia’s Federal Security Service, the successor to the Soviet Union’s spy agency, the KGB.
In this case, the attack targeted a “military mission in Ukraine,” with the malware infection initially occurring in February and continuing into March. “GammaSteel was deployed following a complex, multi-staged attack chain, with frequent use of obfuscation,” Symantec says. “The process was most likely designed to minimize the risk of detection.”
The incident highlights how hackers can exploit USB drives to spread malware, although such attacks are rare and usually go after high-profile targets, including companies or governments. Last year, antivirus provider ESET discovered a separate hacking group using malware that can infect an internet-connected computer and then copy itself to a USB drive.
About Michael Kan
Senior Reporter
