Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Air-gapped systems targeted by Sednit espionage group

Air-gapped systems targeted by Sednit espionage group


Softpedia - (International) Researchers with ESET stated that the Sednit espionage group (also known as APT28 or Sofacy) have employed a tool known as Win32/USBStealer since at least 2005 that can exfiltrate data from air gapped systems. The tool is added to a compromised system connected to the Internet and then plants the tool on any removable storage device, collects information on the air gapped system, and then transmits it back to the attackers whenever the storage device is next connected to an Internet-connected system.


Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at:

Last Updated: 27 May 2016 10:22:26