Chinese Hacker Group Targets Air-Gapped Networks
itwbennett writes: An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye, which released a 69-page technical report on Sunday on the group. FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.
I think they are relying on people to accidentally forget to confiscate the devices when leaving secure areas, or the malware is waiting for some other way to communicate out of the network. Recently, a researcher showed how he was able to move data (albeit very slowly) between two air-gapped machines just using temperature changes of both infected machines. Something using the built-in speakers and mics of two machines could also move data using ultrasonic audio. If this is a targeted attack looking for a specific piece of information, a private key perhaps, you wouldn't need to transfer the information for very long before someone notices.
All of these air-gapped exploits pretty much rely on people clicking things they shouldn't or plugging things into other things they shouldn't, but the hard part is getting back out of the air-gapped network.
It seems that this group managed to spread their malware via USB sticks. The modern equivalent of floppy disk viruses. But in all of the classified networks that I've seen, you can bring your USB drive into the secure area, but it can't be removed. So even if I managed to get my malware on a machine and then somehow got the sensitive data onto some sort of external media, I still don't have anything useful. Not that I wouldn't want to defend against the malware, but it seems that the air gap really is doing its job.
There are ways for a machine to transmit information other than over a wire that can be detected by other devices. The infected air-gapped machine could send information out through its speakers that a microphone elsewhere could hear. It could flash its screen in binary in the middle of the night that someone outside the building might see through a window. It can raise and lower its power usage through various means that might be detected at the power feed. There was even an article a month ago talking about changing the heat output of the air-gapped machine that could be detected by the thermal sensors in a nearby computer. And there are even more that I won't go into.
So there are ways to send information out even if the USB drive doesn't leave.
If you can stick foreign media into it, it's not airgapped.