Litter Drifter International Aid Organization - Planning Guide

Litter Drifter International Aid Organization

Complete preparation guide for humanitarian espionage scenario

Comprehensive facilitation guidance for Litter Drifter International Aid Organization featuring USB-propagating nation-state worm, humanitarian operations surveillance, refugee data collection, and geopolitical targeting of international relief coordination.

1. Quick Reference

Element Details
Malmon Litter Drifter (Bug/Flying dual-type)
Difficulty Tier Tier 3 (Expert)
Scenario Variant Nation-State: International Humanitarian NGO
Organizational Context Global Relief Alliance: 240 staff, Ukrainian refugee assistance, conflict zone operations
Primary Stakes Humanitarian operations + Refugee data + International coordination + Field safety
Recommended Formats Full Game / Advanced Challenge
Essential NPCs Dr. Anna Volkov (Operations Director), Captain David Shaw (Field Security Manager), Elena Marchenko (Refugee Services Coordinator)
Optional NPCs Ambassador Patricia Chen (International Relations Officer), UN Humanitarian Coordinator, Foreign Intelligence Analyst

Scenario Hook

Global Relief is coordinating emergency humanitarian assistance Wednesday when aid workers discover USB malware targeting organizations supporting Ukrainian refugee operationsβ€”nation-state surveillance worm collects intelligence on humanitarian logistics and vulnerable populations during active conflict.

Victory Condition

Team identifies USB-propagating nation-state surveillance through removable media analysis, protects refugee data and humanitarian operations from continued intelligence collection, ensures field worker safety, and maintains international relief coordination while addressing geopolitical espionage targeting vulnerable populations.

2-3. Configuration & Overview

Full Game (120-140 min): 3 rounds focusing on USB malware detection, humanitarian operations protection, refugee data security

Opening: β€œIt’s Monday morning at Global Relief Alliance. Operations Director Dr. Anna Volkov is coordinating emergency aid convoy for Ukrainian refugees departing Wednesday. But Field Security Manager Captain Shaw reports aid workers received suspicious USB devices at coordination meetings. Cybersecurity analysis reveals sophisticated nation-state worm specifically targeting humanitarian organizations supporting Ukrainian refugee assistance. Foreign intelligence is systematically collecting data on refugee operations, aid logistics, and vulnerable populations during active geopolitical conflict.”

Initial Symptoms:

  • USB devices distributed at humanitarian coordination meetings containing sophisticated nation-state worm
  • Network monitoring detecting unauthorized data collection from refugee services and aid logistics systems
  • Field worker workstations showing USB propagation attempts and intelligence gathering activities
  • Refugee data access patterns suggesting systematic nation-state surveillance rather than legitimate humanitarian work
  • International coordination systems compromised affecting multi-organization relief operations

Organizational Context:

  • Global Relief Alliance: International humanitarian NGO, Ukrainian refugee assistance, conflict zone coordination
  • Key Assets: Refugee data, humanitarian logistics, field worker communications, international relief coordination
  • Regulatory Environment: International humanitarian law, refugee protection, NGO security protocols, conflict zone operations
  • Cultural Factors: Humanitarian ethics culture, vulnerable population protection imperative, international cooperation dependencies

4-12. [Comprehensive Sections Following Template Structure]

Essential NPCs:

  • Dr. Anna Volkov: Operations director balancing humanitarian mission with security threat
  • Captain David Shaw: Field security manager investigating nation-state targeting of aid workers
  • Elena Marchenko: Refugee services coordinator protecting vulnerable population data

Investigation Timeline: Round 1: USB malware discovery, humanitarian operations surveillance Round 2: Refugee data collection assessment, geopolitical attribution Round 3: Aid convoy security decision, international coordination protection

Response Options:

  • USB device isolation and removable media security protocols (DC 12)
  • Refugee data encryption and field worker communication protection (DC 14)
  • International coordination with partner organizations affected by targeting (DC 15)

Key Learning:

  • USB-propagating malware detection and removable media security
  • Humanitarian organization cybersecurity protecting vulnerable populations
  • Nation-state targeting of NGOs during geopolitical conflicts
  • Refugee data protection and international humanitarian law
  • Field worker safety and operational security in conflict zones

MITRE ATT&CK:

  • T1091 (Replication Through Removable Media) - USB propagation
  • T1025 (Data from Removable Media) - Refugee data collection
  • T1005 (Data from Local System) - Humanitarian intelligence gathering

Notes for IM Customization

What worked well:

What to modify next time:

Creative player solutions:

Timing adjustments: