• wyrmroot@programming.dev · 9 points · 3 months ago

    > So far, we haven’t been able to trace back to the initial compromise vector in the campaigns seen in our telemetry.

    They hypothesize that attaching a compromised USB drive to an air gapped system is to blame. That seems to be a well known vector at this point. Does it matter much what tool is used to copy data once it’s in?

      • lud@lemm.ee · 2 points · 3 months ago

        > People literally just drop USB drives in the parking lot of places they want to compromise hoping some idiot will plug it into a machine inside.

        You say that like it’s some common occurrence. Is it? As far as I know the CIA, FBI, or NSA (Can’t remember) did a test where they did that in their own parking lot and lots of people fell for it. But is there any evidence of it being done maliciously?

        • ATDA@lemmy.world · 2 points · 3 months ago

          Even if it isn’t an intentional attack you don’t want people bringing God knows what on USB sticks that may or may not just be infected from the user’s own home PC. USB storage devices are lovely targets.

          But yeah the South Korean military got infected by a soldier plugging in a planted USB stick.

          I think the narrative of a targeted attack is easier to sell though. Make it us vs them and people grasp the concept a little better. This is very common in information security training in a lot of fields in my experience.

      • linearchaos@lemmy.world · 1 point · 3 months ago

        There are USB cables that do this now. Air-gapped machines need to be better about sanitizing USB.
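As an added illustration of the "sanitizing USB" point raised in this sub-thread (and of ATDA's point that an unplanned stick is a problem even without a targeted attacker), here is a small detector written for this page, not code from any of the posters or from the tool the article discusses. It parses dmesg-style kernel lines for USB enumeration, keeps an inventory per port, and applies a simple policy: only sticks on an explicit (vendor, product, serial) allowlist may present mass storage, and anything that registers an input (keyboard/mouse) interface is flagged, since a "charging cable" that shows up as a keyboard is exactly the cable-style attack mentioned above. The log lines, vendor/product IDs, serials and the allowlist are all constructed for the example.

```python
import re
from dataclasses import dataclass, field

# Constructed, dmesg-style sample lines (not captured from a real host).
# Port 1-1 is the one approved stick; 1-2 is a "charging cable" that
# registers an input device; 1-3 is an unknown storage device.
SAMPLE_LOG = """\
usb 1-1: new high-speed USB device number 2 using xhci_hcd
usb 1-1: New USB device found, idVendor=0781, idProduct=5583, bcdDevice= 1.00
usb 1-1: Product: Ultra Fit
usb 1-1: SerialNumber: 4C530000000000000001
usb-storage 1-1:1.0: USB Mass Storage device detected
usb 1-2: new full-speed USB device number 3 using xhci_hcd
usb 1-2: New USB device found, idVendor=1a2b, idProduct=3c4d, bcdDevice= 1.00
usb 1-2: Product: Charging Cable
usb 1-2: SerialNumber: 000000000001
input: Charging Cable as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:1A2B:3C4D.0001/input/input5
usb 1-3: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 2.00
usb 1-3: Product: Promo Drive
usb 1-3: SerialNumber: PROMO0001
usb-storage 1-3:1.0: USB Mass Storage device detected
"""

# Assumed allowlist of (idVendor, idProduct, serial) for the few sticks issued
# for transfers into the isolated network (constructed values).
ALLOWLIST = {("0781", "5583", "4C530000000000000001")}

NEW_DEV = re.compile(r"^usb (?P<path>[\d.-]+): New USB device found, "
                     r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
PRODUCT = re.compile(r"^usb (?P<path>[\d.-]+): Product: (?P<name>.+)$")
SERIAL = re.compile(r"^usb (?P<path>[\d.-]+): SerialNumber: (?P<serial>\S+)")
STORAGE = re.compile(r"^usb-storage (?P<path>[\d.-]+):\d+\.\d+: USB Mass Storage device detected")
# The sysfs path of an input device contains the "<port>:<config>.<iface>" segment.
INPUT = re.compile(r"^input: .+ as /devices/.+/(?P<path>[\d.-]+):\d+\.\d+/.*/input/input\d+")


@dataclass
class UsbDevice:
    path: str                 # bus port, e.g. "1-2"
    vid: str
    pid: str
    product: str = ""
    serial: str = ""
    interfaces: set = field(default_factory=set)


def parse_usb_log(text: str) -> dict:
    """Build a per-port inventory of USB devices from kernel log lines."""
    devices: dict[str, UsbDevice] = {}
    for line in text.splitlines():
        if (m := NEW_DEV.match(line)):
            devices[m["path"]] = UsbDevice(m["path"], m["vid"], m["pid"])
        elif (m := PRODUCT.match(line)) and m["path"] in devices:
            devices[m["path"]].product = m["name"]
        elif (m := SERIAL.match(line)) and m["path"] in devices:
            devices[m["path"]].serial = m["serial"]
        elif (m := STORAGE.match(line)) and m["path"] in devices:
            devices[m["path"]].interfaces.add("storage")
        elif (m := INPUT.match(line)) and m["path"] in devices:
            devices[m["path"]].interfaces.add("input")
    return devices


def evaluate(devices: dict, allowlist: set) -> dict:
    """Apply the policy; returns {port: {"id", "product", "verdict", "reasons"}}."""
    report = {}
    for d in devices.values():
        reasons = []
        approved = (d.vid, d.pid, d.serial) in allowlist
        if "input" in d.interfaces:
            # Anything that registers as a keyboard/mouse can inject keystrokes;
            # a cable or drive doing so is the pattern to stop at the port.
            reasons.append("registers an input (HID) interface")
        if "storage" in d.interfaces and not approved:
            reasons.append("unapproved mass-storage device")
        if not approved and not reasons:
            reasons.append("device not on allowlist")
        verdict = "allow" if approved and not reasons else "block"
        report[d.path] = {"id": f"{d.vid}:{d.pid}", "product": d.product,
                          "verdict": verdict, "reasons": reasons}
    return report


if __name__ == "__main__":
    for port, r in evaluate(parse_usb_log(SAMPLE_LOG), ALLOWLIST).items():
        print(f"{port} {r['id']} {r['product']!r}: {r['verdict']} {'; '.join(r['reasons'])}")
```

In practice the same policy is better enforced before the kernel binds a driver (for example with a device-authorization framework rather than after-the-fact log parsing), but the log-based version shows what the decision has to key on: a serial-pinned allowlist for storage, and an outright refusal of unexpected input interfaces, regardless of what the device calls itself.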