


Air-Gapped Systems Targeted with Weaponized USBs

June 25, 2018 / Kacy Zurkus

A cyber-espionage group has been weaponizing presumably secure USB drives to target air-gapped critical systems. The Tick group, discovered by researchers at Palo Alto Networks Unit 42, reportedly targets organizations from Japan and South Korea with custom malware, including Minzen, Datper, Nioupale (aka Daserf), and HomamDownloader.

Though the type of USB drive compromised in the attack was supposed to be certified as secure by the South Korean ITSCC, the Tick group loaded malicious files onto the USBs. The number of drives compromised remains unknown. “The weaponization of a secure USB drive is an uncommon attack technique and likely done in an effort to spread to air-gapped systems, which are systems that do not connect to the public internet,” Unit 42 wrote.

Without possession of a compromised USB drive or access to the malicious file, Unit 42 could not detail all sequences in the attack. Researchers said it is also unclear whether the devices were corrupted through th...