Russian cyber espionage actors affiliated with the Federal Security Service (FSB) have been observed using a USB propagating worm called LitterDrifter in attacks targeting Ukrainian entities.
The LitterDrifter worm packs in two main features: automatically spreading the malware via connected USB drives as well as communicating with the threat actor's command-and-control (C&C) servers.
https://research.checkpoint.com/2023/malware-spotlight-into-the-trash-analyzing-litterdrifter/
It's also suspected to be an evolution of a PowerShell-based USB worm that was previously disclosed by Symantec in June 2023.
https://thehackernews.com/2023/06/new-report-reveals-shuckworms-long.html
The development comes as Ukraine's National Cybersecurity Coordination Center (NCSCC) revealed attacks orchestrated by Russian state-sponsored hackers targeting embassies across Europe, including Italy, Greece, Romania, and Azerbaijan.