Select Page

Four different malicious frameworks designed to attack air-gapped networks were detected in the first half of 2020 alone, bringing the total number of such toolkits to 17 and offering adversaries a pathway to cyber espionage and exfiltrate classified information.

“All frameworks are designed to perform some form of espionage, [and] all the frameworks used USB drives as the physical transmission medium to transfer data in and out of the targeted air-gapped networks,” ESET researchers Alexis Dorais-Joncas and Facundo Muñoz said in a comprehensive study of the frameworks.

Air-gapping is a network security measure designed to prevent unauthorized access to systems by physically isolating them from other unsecured networks, including local area networks and the public internet. This also implies that the only way to transfer data is by connecting a physical device to it, such as USB drives or external hard disks.

Given that the mechanism is one of the most common ways SCADA and industrial control systems (ICS) are protected, APT groups that are typically sponsored or part of nation-state efforts have increasingly set their sights on the critical infrastructure in hopes of infiltrating an air-gapped network with malware so as to surveil targets of interest.

images from Hacker News