Common Information
Type | Value |
---|---|
Value | Replication Through Removable Media |
Category | Attack-Pattern |
Type | Mitre-Ics-Techniques |
Misp Type | Cluster |
Description | Adversaries may move onto systems, such as those separated from the enterprise network, by copying malware to removable media which is inserted into the control systems environment. The adversary may rely on unknowing trusted third parties, such as suppliers or contractors with access privileges, to introduce the removable media. This technique enables initial access to target devices that never connect to untrusted networks, but are physically accessible. Operators of the German nuclear power plant, Gundremmingen, discovered malware on a facility computer not connected to the internet. The malware included Conficker and W32.Ramnit, which were also found on eighteen removable disk drives in the facility. The plant has since checked for infection and cleaned up more than 1,000 computers. An ESET researcher commented that internet disconnection does not guarantee system safety from infection or payload execution. |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2024-11-04 | 57 | Threat Intelligence Report October 29 - November 4 2024 | Red Piranha | ||
Details | Website | 2024-11-01 | 62 | Weekly Intelligence Report - 01 Nov 2024 | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting | ||
Details | Website | 2024-10-07 | 141 | Mind the (air) gap: GoldenJackal gooses government guardrails | ||
Details | Website | 2024-10-06 | 29 | Blue Team Labs Online — Suspicious USB Stick Challenge Walkthrough | ||
Details | Website | 2024-09-25 | 24 | Zero Trust Protections - Illustrated | ||
Details | Website | 2024-09-09 | 41 | Earth Preta Evolves its Attacks with New Malware and Strategies | ||
Details | Website | 2024-02-20 | 137 | Earth Preta Campaign Uses DOPLUGS to Target Asia | ||
Details | Website | 2023-12-06 | 198 | Russia/Ukraine Update - December 2023 | ||
Details | Website | 2023-11-09 | 53 | Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology | Mandiant | ||
Details | Website | 2023-10-31 | 18 | More Than Just a RAT: Unveiling NjRAT's MBR Wiping Capabilities | ||
Details | Website | 2023-08-25 | 195 | Russia/Ukraine Update - August 2023 | ||
Details | Website | 2023-08-24 | 119 | Identifying ADHUBLLKA Ransomware: LOLKEK, BIT, OBZ, U2K, TZW Variants | ||
Details | Website | 2023-07-28 | 0 | What is Lateral Movement in Security | ||
Details | Website | 2023-07-21 | 0 | Tropic Trooper TryHackMe Write-Up | ||
Details | Website | 2023-07-06 | 239 | Increased Truebot Activity Infects U.S. and Canada Based Networks | CISA | ||
Details | Website | 2023-06-28 | 2 | Staff Picks for Splunk Security Reading June 2023 | ||
Details | Website | 2023-03-23 | 29 | BlackGuard stealer extends its capabilities in new variant - Cybersecurity Insiders | ||
Details | Website | 2023-03-23 | 78 | Earth Preta Updated Stealthy Strategies | ||
Details | Website | 2023-03-23 | 80 | Earth Preta Updated Stealthy Strategies | ||
Details | Website | 2023-01-31 | 29 | Anomali Cyber Watch: KilllSomeOne Folders Invisible in Windows, Everything APIs Abuse Speeds Up Ransomware, APT38 Experiments with Delivery Vectors and Backdoors | ||
Details | Website | 2022-11-16 | 63 | ARCrypter Ransomware Expands Its Operations From Latin America to the World | ||
Details | Website | 2022-10-04 | 0 | 8 strange ways employees can (accidently) expose data | ||
Details | Website | 2022-09-23 | 35 | What Is Initial Access? MITRE ATT&CK® Initial Access Tactic | TA0001 - SOC Prime |