Chinese Hackers Target Air-Gapped Systems With Custom USB Malware (Security News, June 2020)
For years, a China-linked threat actor named Cycldek has been exfiltrating data from air-gapped systems using a previously unreported, custom USB malware family, Kaspersky reports.
Both malware versions were used to target diplomatic and government entities, but each was focused on a different geography, Kaspersky believes.
One such tool is USBCulprit, previously unreported malware that was observed being downloaded by RedCore implants. It scans a set of paths on the victim machine, collects specific documents, and copies them to USB drives connected to the system.
The malware can also propagate, a form of lateral movement across the air gap: if a second marker is present, it copies its own binary into the same folder on the USB drive that holds the files staged for exfiltration.
"The characteristics of the malware can give rise to several assumptions about its purpose and use cases, one of which is to reach and obtain data from air-gapped machines. This would explain the lack of any network communication in the malware, and the use of only removable media as a means of transferring inbound and outbound data," the researchers note.
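The behaviour described above (documents staged in a folder on removable media, with the malware binary copied into that same folder) suggests a simple hunt you can run against any mounted USB volume. The following is an added example, not code from the article or from Kaspersky's report: it walks a volume and flags every directory that holds both a PE image and document files. The document-extension list, the decision to key on the `MZ` magic rather than the file name, and the constructed sample tree are assumptions made for this demonstration, not reported USBCulprit traits.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, List

# Document types treated as "collected files" (assumed list for the demo).
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf", ".txt"}


def is_pe(path: Path) -> bool:
    """True if the file starts with the DOS 'MZ' magic, i.e. looks like a Windows PE image."""
    try:
        with path.open("rb") as fh:
            return fh.read(2) == b"MZ"
    except OSError:
        return False


def find_staging_dirs(volume: Path) -> List[Dict]:
    """Flag every directory on the volume that holds both a PE image and documents.

    An executable sitting beside a batch of documents on removable media is the
    co-location pattern the article describes for USBCulprit's propagation step.
    Findings are sorted by path so the result is deterministic.
    """
    findings = []
    for root, _dirs, files in os.walk(volume):
        root_path = Path(root)
        executables, documents = [], []
        for name in files:
            # Magic-based check first: a PE image renamed to .doc is still a PE image.
            if is_pe(root_path / name):
                executables.append(name)
            elif Path(name).suffix.lower() in DOC_EXTENSIONS:
                documents.append(name)
        if executables and documents:
            findings.append({
                "dir": str(root_path.relative_to(volume)),
                "executables": sorted(executables),
                "document_count": len(documents),
            })
    return sorted(findings, key=lambda f: f["dir"])


def build_sample_volume() -> Path:
    """Constructed sample tree standing in for a mounted USB drive (not real data)."""
    vol = Path(tempfile.mkdtemp(prefix="usb_"))
    # Ordinary user folder: documents only, must not be flagged.
    (vol / "reports").mkdir()
    (vol / "reports" / "q1.docx").write_bytes(b"PK\x03\x04 constructed docx")
    # Installer folder: executable only, must not be flagged.
    (vol / "tools").mkdir()
    (vol / "tools" / "setup.exe").write_bytes(b"MZ constructed installer stub")
    # Staging folder: documents plus a PE image dropped beside them. Giving the
    # binary a document extension is a choice of this demo, to show the check
    # keys on the magic bytes and not on the name.
    staging = vol / "backup"
    staging.mkdir()
    for name in ("agenda.pdf", "memo.doc", "contacts.xlsx"):
        (staging / name).write_bytes(b"constructed document content")
    (staging / "memo_final.doc").write_bytes(b"MZ constructed PE stub")
    return vol


if __name__ == "__main__":
    for finding in find_staging_dirs(build_sample_volume()):
        print(f"suspicious staging dir: {finding['dir']} "
              f"exe={finding['executables']} docs={finding['document_count']}")
```

Run it as `python hunt_usb.py` to see the constructed tree flagged; point `find_staging_dirs` at a real mount point (for example `Path("E:/")` or `Path("/media/usb")`) to hunt on actual media. The heuristic will also fire on legitimate setups such as a software installer shipped with its manual, so treat hits as triage leads rather than verdicts.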