Kaspersky IDs Sophisticated New Malware Targeted at Air-Gapped Systems
A threat actor group with potential ties to China called Cycldek may have more sophisticated capabilities than researchers previously thought after security vendor Kaspersky released an analysis examining the threat group’s malware toolset. Earlier this week, Kaspersky researchers disclosed that they had found new information suggesting these operators may have an extensive foothold in the networks of high-profile targets in several Asian countries including Vietnam, Laos, and Thailand.
Kaspersky reports that since 2018 the group has expanded its toolset and has been experimenting with powerful new tactics and procedures to breach government agencies in these countries. USBCulprit is a new tool used by the group that is designed for air-gapped environments, in which systems are not reachable from an external network. The malware can steal targeted data from infected systems and pass it to connected USB drives, and it is programmed to copy itself selectively to other USB drives.