Chinese Hacker Group Targets Air-Gapped Networks

itwbennett writes An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye, which released a 69-page technical report on Sunday on the group. FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.

.....this is news?

[ilsaloving]

The group designed malware components with worm-like capabilities that can infect removable drives such as USB sticks and hard drives. Those devices can transfer the malware if connected to a device on an air-gapped network.

Um... welcome back to the 80s and 90s?

Re:No mention of getting data out

[Lumpy]

dont have to dial home. Look for new incoming infections to carry the new commands.

You attack an airgapped but human vulnerable systems like you send probes to outer space. You keep sending them in hopes that one reaches it's target. Anything after you send with the same hopes but with new commands for anything that may have made it there.

and airgapped can have a reverse comms channel you just need to be clever in finding that channel. Attacking a science facility? You had to target a scientist to get it in there, so target that same person as the outgoing data stream. all you need is YES/NO data. so alter their data that they would communicate back out manually.

Pop up a typical windows error, "CAUTION ID10T ERROR OK/RETRY" They will report that back to IT via their email that you are watching. There is your return data channel.