Chinese Hacker Group Targets Air-Gapped Networks
itwbennett writes: An otherwise unremarkable hacking group likely aligned with China appears to be one of the first to have targeted so-called air-gapped networks that are not directly connected to the Internet, according to FireEye, which released a 69-page technical report on Sunday on the group. FireEye picked up on it after some of the malware used by the group was found to have infected defense-related clients in the U.S., said Jen Weedon, manager of strategic analysis with FireEye.
I think they are relying on people accidentally forgetting to confiscate the devices when leaving secure areas, or the malware is waiting for some other way to communicate out of the network. Recently, a researcher showed how he was able to move data (albeit very slowly) between two air-gapped machines just using temperature changes of both infected machines. Something using the built-in speakers and mics of two machines could also move data using ultrasonic audio. If this is a targeted attack looking for a specific piece of information, a private key perhaps, you wouldn't need to transfer the information for very long before someone notices.
All of these air-gapped exploits pretty much rely on people clicking things they shouldn't or plugging things into other things they shouldn't, but the hard part is getting back out of the air-gapped network.
Don't have to dial home. Look for new incoming infections to carry the new commands.
You attack air-gapped but human-vulnerable systems like you send probes to outer space. You keep sending them in hopes that one reaches its target. Anything after that you send with the same hopes, but with new commands for anything that may have made it there.
And air-gapped systems can have a reverse comms channel; you just need to be clever in finding that channel. Attacking a science facility? You had to target a scientist to get it in there, so target that same person as the outgoing data stream. All you need is YES/NO data, so alter their data such that they would communicate back out manually.
Pop up a typical Windows error, "CAUTION ID10T ERROR OK/RETRY". They will report that back to IT via their email, which you are watching. There is your return data channel.
Do not look at laser with remaining good eye.