Attackers Using USB Malware to Steal Data From Air-Gapped Networks

Isolating a sensitive computer network from the Internet can be an effective security measure, but threat actors have found ways to get around it. A group believed to be linked to the Russian government, known as “Sednit,” “APT28” and “Sofacy,” appears to have developed the tools necessary to achieve this task.

Attackers Using USB Malware

In a recent report on the attacks launched by APT28 against European governments, militaries and security organizations, FireEye revealed that one of the tools used by the group is a modular family of implants called CHOPSTICK. Researchers identified one variant of CHOPSTICK that defeats closed networks by routing messages between local directories, the registry and USB drives.