Chinese Hacker Group Targets Air-Gapped Networks

itwbennett writes An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye, which released a 69-page technical report on Sunday on the group. FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.

Re:No mention of getting data out

[ScentCone]

you can bring your USB drive into the secure area, but it can't be removed ... I still don't have anything useful

Stuxnet wasn't all about "getting anything out," either.

Re:No mention of getting data out

[geekmux]

It seems that this group managed to spread their malware via USB sticks. The modern equivalent of floppy disk viruses. But in all of the classified networks that I've seen, you can bring your USB drive into the secure area, but it can't be removed. So even if I managed to get my malware on a machine and then somehow got the sensitive data onto some sort of external media, I still don't have anything useful. Not that I wouldn't want to defend against the malware, but it seems that the air gap really is doing it's job.

This may be true of the systems you have worked on, but it isn't true of all classified systems.

If a classified system is approved for trusted downloading, then it is enabled for certain data to be passed to and from that air-gapped system, usually via optical drive, but other means(USB, floppy) are not unheard of.

Let's put this another way. Ongoing development that also includes attacks on air-gapped systems would not be ongoing if there were no viable methods of attack. That would be rather pointless.

Re:No mention of getting data out

[ScentCone]

Sure, but something like that doesn't HAVE to, in order to still be a significant (and possibly lethal) PITA.