Sophisticated Info-Stealer Targets Air-Gapped Devices via USB
2020-06-03 20:51

The Cycldek APT group has added a previously unknown malware dubbed USBCulprit to its arsenal, aimed at reaching air-gapped devices.

"These documents are then transferred to USB drives connected to the system. This suggests the malware was designed to reach air-gapped machines, or those that are not directly connected to the internet or any other computer connected to internet."

Once compromised, victims are infected with a malware payload called NewCore RAT. "This malware consists of two variants with advanced data stealing capabilities: BlueCore and RedCore," according to Kaspersky.

Some variants issue commands to gather various pieces of host network information, Kaspersky found: "These are logged to a file that is later transferred along with the stolen data to the USB and can help attackers profile whether the machine in which the malware was executed is indeed part of a segregated network."

That said, the malware does not automatically execute upon USB connection, which "leads us to believe the malware is supposed to be run manually by a human handler," researchers said.


News URL

https://threatpost.com/info-stealer-air-gapped-devices-usb/156262/