"17 Malware Frameworks Target Air-Gapped Systems for Espionage"

ESET analyzed 17 espionage frameworks designed to target air-gapped networks, finding that they all leverage USB drives and are meant to target Windows systems. The frameworks on the list span 15 years, but the last four appeared in 2020, suggesting that interest in targeting isolated systems has increased among threat actors.

An air-gapped network is isolated and not connected to any other network. Air-gapping is a security measure often used in high-security environments such as military, government, and industrial control settings. Air-gapped networks are meant to protect highly sensitive information, which makes them attractive to nation-states and other motivated adversaries that have the resources required to execute attacks against air-gapped systems. Some of the frameworks have been attributed to nation-state threat actors such as DarkHotel, Sednit, Tropic Trooper, Equation Group, Goblin Panda, and Mustang Panda.

Possible strategies for protecting air-gapped networks from cyberattacks include disabling direct access to emails on connected systems, disabling USB ports on air-gapped systems, sanitizing USB drives inserted in air-gapped systems, preventing execution on removable drives, and ensuring that air-gapped systems are always updated. This article continues to discuss findings from the analysis of 17 malware frameworks designed to target air-gapped networks and how to protect such networks from cyberattacks.

Security Week reports "17 Malware Frameworks Target Air-Gapped Systems for Espionage"
