A manipulated peripheral was discovered in an air-gapped environment (in the natural gas industry). It was found that a Microsoft mouse had a Raspberry Pi module hidden inside and had gone undetected within the environment for months.
The module was programmed to run a PowerShell script which built and executed a hidden communication channel using the wireless interface of the Raspberry Pi, bypassing the air-gapped environment. Highly sensitive data was exfiltrated.
HAC-1 detected the attack tool by collecting physical layer 1 information on the endpoint, which indicated the presence of the infected peripheral device. The physical layer 1 information also identified which endpoint machine the device was connected to, which accelerated the investigation.
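The detection idea in the last paragraph, a per-endpoint hardware inventory checked against the profile a device is expected to have, as an added example. This is not HAC-1's code or Sepio's method; it only illustrates the check. The inventory records, hostnames, product ids and baseline are constructed, and the USB interface class codes are the standard USB-IF values. A device that identifies as a mouse but also exposes network, storage or wireless interfaces, or shows up on a host it was never seen on, is what a defender would want surfaced.

```python
"""Flag USB peripherals whose reported interfaces or location deviate from
their expected profile, grouped by endpoint. Constructed data, not HAC-1 output."""
from dataclasses import dataclass

# USB interface class codes (standard USB-IF class code list)
HID = 0x03
CDC_CONTROL = 0x02
CDC_DATA = 0x0A
MASS_STORAGE = 0x08
WIRELESS_CONTROLLER = 0xE0
VENDOR_SPECIFIC = 0xFF

MICROSOFT_VID = 0x045E  # Microsoft's registered USB vendor id

# Classes a plain mouse has no business exposing alongside HID
SUSPICIOUS_WITH_HID = {CDC_CONTROL, CDC_DATA, MASS_STORAGE,
                       WIRELESS_CONTROLLER, VENDOR_SPECIFIC}


@dataclass
class UsbDevice:
    host: str          # endpoint the device is physically attached to
    vid: int
    pid: int
    product: str
    interfaces: list   # interface class codes exposed by this physical device


# Constructed sample inventory (hypothetical hostnames and product id)
INVENTORY = [
    UsbDevice("WS-OPS-01", MICROSOFT_VID, 0x0040, "Microsoft Mouse", [HID]),
    UsbDevice("WS-OPS-02", MICROSOFT_VID, 0x0040, "Microsoft Mouse", [HID]),
    # Looks like the same mouse model, but also presents a CDC network pair
    UsbDevice("WS-OPS-07", MICROSOFT_VID, 0x0040, "Microsoft Mouse",
              [HID, CDC_CONTROL, CDC_DATA]),
    # Never seen before on any host (placeholder vendor/product ids)
    UsbDevice("WS-OPS-03", 0x1234, 0x5678, "USB Flash Drive", [MASS_STORAGE]),
]

# Baseline: for each (vid, pid), the classes it should expose and the hosts
# it has legitimately been observed on. Constructed for the example.
BASELINE = {
    (MICROSOFT_VID, 0x0040): {
        "classes": {HID},
        "hosts": {"WS-OPS-01", "WS-OPS-02", "WS-OPS-07"},
    },
}


def check_device(dev, baseline):
    """Return the list of reasons this device deviates from its expected profile."""
    reasons = []
    profile = baseline.get((dev.vid, dev.pid))
    if profile is None:
        reasons.append("device not in baseline")
    else:
        extra = set(dev.interfaces) - profile["classes"]
        if extra:
            reasons.append("unexpected interface classes "
                           + ", ".join(sorted(hex(c) for c in extra)))
        if dev.host not in profile["hosts"]:
            reasons.append("device not previously seen on this host")
    # Composite 'HID plus something else' is the implant pattern to surface
    # regardless of whether the vid/pid itself is known
    if HID in dev.interfaces and set(dev.interfaces) & SUSPICIOUS_WITH_HID:
        reasons.append("HID device also exposes non-HID interfaces")
    return reasons


def find_suspicious(inventory, baseline):
    """Map host -> list of (product, reasons) so the investigator knows where to go."""
    findings = {}
    for dev in inventory:
        reasons = check_device(dev, baseline)
        if reasons:
            findings.setdefault(dev.host, []).append((dev.product, reasons))
    return findings


if __name__ == "__main__":
    for host, items in find_suspicious(INVENTORY, BASELINE).items():
        for product, reasons in items:
            print(f"{host}: {product}: {'; '.join(reasons)}")
```

The key design point is that the check keys on the physical device's full set of interface descriptors and on the host it is attached to, not on the product string the device chooses to present. A vendor id and product string are trivially copied from a genuine mouse; the extra interfaces and the unexpected location are what give the implant away.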
