Attacking Air-Gap-Segregated Computers
ATT&CK techniques detected
T1091 Replication Through Removable Media
96%
“of highly-valuable intellectual property, and the supervisory control and data acquisition (scada) systems that control water and power systems. cryptocurrencies like bitcoin and ethereum also make use of air-gapped storage systems called cold wallets to securely store the …”
T1091 Replication Through Removable Media
80%
“gapped targets. 7 another way to compromise an air-gapped system is to “pre-penetrate” it before it ends up in the air gap by sabotaging its supply chain. it’s not unusual for an advanced attacker to study their victim and determine their technical infrastructure. then…”
T1052.001 Exfiltration over USB
58%
“it. exfiltrating from the air gap assuming the mission isn’t destruction (stuxnet) or ransomware, then the real trick is getting the stolen data out. if the attacker used a usb stick to get the malware in, they could use the same method to get it out. the infamous leaker chel…”
Summary
Computers disconnected from the wire can still be compromised using advanced, off-the-shelf tools.