Kaspersky recently published research according to which a Chinese threat actor has developed new capabilities to target air-gapped systems and exfiltrate data, mostly sensitive information of value for espionage.
The APT, also known as Goblin Panda or Cycldek, has an extensive toolset for stealing information from computer networks, including many previously unknown custom tools used in attacks against government agencies in Vietnam, Thailand and other countries.
The report's analysis reveals 2 different variants, named BlueCore and RedCore, which share similarities in both code and infrastructure, while some features, such as a keylogger and an RDP logger, are exclusive to RedCore.
The malware is programmed to copy itself selectively to certain removable drives so it can move laterally to other air-gapped systems each time the infected removable USB thumb drive is inserted into another machine.
To read more, visit:
https://securelist.com/cycldek-bridging-the-air-gap/97157/