So far, we haven’t been able to trace back to the initial compromise vector in the campaigns seen in our telemetry.
They hypothesize that attaching a compromised USB drive to an air-gapped system is to blame. That seems to be a well-known vector at this point. Does it matter much what tool is used to copy data once it’s in?
People literally just drop USB drives in the parking lot of places they want to compromise, hoping some idiot will plug one into a machine inside. So they might want to check their security tapes of the parking lot.
I’ve sent a USB drive through the washing machine a couple of times. Still works fine. So I can’t imagine rain bothers them too much.