
I felt like the article spent way too many words to explain the idea of "the agency shared data across the air gap using USB drives, and a vulnerability was used to surreptitiously copy the malware onto the USB and then onto the target machine", and AFAICT none on explaining what that vulnerability is or why it exists (or existed). Then the rest is standard malware-reversing stuff that doesn't say anything interesting except to other malware reverse engineers. The inner workings of the tools aren't interesting from a security perspective; the compromise of the air gap is.

(As for acoustic etc. side-channel attacks: these would require a level of physical access at which point the air gap is moot. E.g. if you can get a physical listening device into the room to listen to fan noise etc. and deduce something about the computation currently being performed, and then eventually turn that into espionage... you could far more easily just directly use the listening device for espionage in the form of listening to the humans operating the computers.)



There was no novel vulnerability. The pwned machine just replaced a recently-accessed folder on the stick with an exe to trick the user into executing it on the target machine.
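The trick described in this comment (an executable dropped onto transfer media under the name of a folder the user expects to see) is something a defender can check for at the point where removable media is mounted. The following is an added example, not code from the article or from the comment's author: it scans a drive root for files that carry an executable extension or a PE header regardless of extension, and additionally flags any such file whose base name shadows a top-level folder name. The sample drive layout is constructed inline for the demonstration; the file and folder names are assumptions, not values from the thread.

```python
from __future__ import annotations

import tempfile
from pathlib import Path

PE_MAGIC = b"MZ"  # DOS/PE executables start with these two bytes
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".lnk"}


def build_sample_stick(root: Path) -> None:
    """Constructed sample layout of a removable drive (hypothetical names)."""
    (root / "Reports").mkdir()
    (root / "Reports" / "q3.txt").write_text("quarterly numbers")
    (root / "Photos").mkdir()
    # Decoy: an executable named like the 'Photos' folder, with a PE header.
    # With hidden file extensions it would display as a plain 'Photos' entry.
    (root / "Photos.exe").write_bytes(PE_MAGIC + b"\x90" * 62)
    (root / "notes.txt").write_text("benign document")


def scan_removable_root(root: Path) -> list[dict]:
    """Return one finding per suspicious file, with the reasons it was flagged.

    Policy assumed here: data-transfer media should carry no executables at all,
    so any executable is reported; an executable whose name matches a top-level
    folder is additionally marked as a likely folder decoy.
    """
    findings: list[dict] = []
    dir_names = {p.name.lower() for p in root.iterdir() if p.is_dir()}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        reasons: list[str] = []
        if path.suffix.lower() in EXEC_SUFFIXES:
            reasons.append("executable extension")
        try:
            with path.open("rb") as fh:
                if fh.read(2) == PE_MAGIC:  # catches renamed executables too
                    reasons.append("PE header")
        except OSError:
            continue
        if reasons and path.stem.lower() in dir_names:
            reasons.append("name shadows a top-level folder")
        if reasons:
            findings.append(
                {"path": path.relative_to(root).as_posix(), "reasons": reasons}
            )
    return findings


def demo() -> list[dict]:
    """Build the constructed sample drive in a temp dir and scan it."""
    root = Path(tempfile.mkdtemp(prefix="usb_scan_"))
    build_sample_stick(root)
    return scan_removable_root(root)


if __name__ == "__main__":
    for finding in demo():
        print(finding["path"], "->", ", ".join(finding["reasons"]))
```

Run it against a real mount point by calling `scan_removable_root(Path("/media/usb0"))` (or the drive letter on Windows); the PE-header check is what keeps a file renamed away from `.exe` from slipping past the extension list.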


Yeah it is very bloated. I am suspicious that the article was bloated with AI rather than a human, though. I wonder if they either made the first section as a summary or extended sections necessarily.

For example, early on it says: " collect interesting information, process the information, exfiltrate files, and distribute files, configurations and commands to other systems."

and later on: " they were used, among other things, to collect and process interesting information, to distribute files, configurations, and commands to other systems, and to exfiltrate files."

It also mentions several times that the attack on a South Asian country's embassy was the first time this software was seen.

Repeating info like this was kind of a sign of part-applied AI edits with RAG a while ago, might still be true today.


Yup, no respect for the people who published the article. It was one paragraph of content impossibly diluted. TLDR: some idiots allowed USB sticks to be plugged into the supposedly air-gapped system. Hilarity ensued.



