DailyPost 2937
AIR-GAPPED SYSTEMS BREACHED
While we keep getting news of breaches and hacks every now and then, from small to big to critical and massive, a breach of an air-gapped system is certainly far above the ordinary. Its repercussions can be far reaching, well beyond commercial or reputational damage. Air-gapped systems are a primary need of governments in many of the critical areas they work in. Getting breached is not an option for them, and in such breaches there is nothing called full recovery, for a variety of reasons: the attacker has already been inside the one enclave that was supposed to be unreachable.
What is the rationale behind air-gapped systems? Such systems are used in critical operations, which often handle confidential information, and are physically isolated from open networks as a matter of abundant precaution. The story of the Stuxnet malware, discovered in 2010, is still fresh in our minds. Presumed to have been developed by the US and Israel, it severely set back the Iranian nuclear programme. Natanz was the uranium enrichment facility, and its air-gapped system was breached. The USB drive was the carrier that bridged the gap: the isolation holds only as long as nothing, and no one, carries data across it. The rest, as they say, is history.
The breach of air-gapped systems still sends shivers down the spine of those who are officially tasked to operate them. It is for this reason that the breach of European government air-gapped systems using custom malware is making big news. According to a recent ESET report this has happened at least twice. The first compromise was against the embassy of a South Asian country in Belarus, in September 2019 and again in July 2021. The second was against another European government organisation, between May 2022 and March 2024.
An APT hacking group has successfully breached air-gapped government systems in Europe using two custom tool sets. The aim was to steal sensitive data, such as emails, encryption keys, images, archives and documents. The hacking group in question is GoldenJackal. In May 2023, Kaspersky warned about GoldenJackal's activities, emphasising that this threat actor focuses on government and diplomatic entities for purposes of espionage. The group uses custom tools that spread over USB drives, like the JackalWorm; the drive carries the malware into the isolated network and carries the collected data back out. This is the first time that successful compromises of air-gapped systems by this group have been confirmed.
THE SUCCESSFUL BREACH OF AIR GAPPED SYSTEMS IS A MAJOR VICTORY FOR THE HACKERS.
Sanjay Sahay
Have a nice evening.