• 1 Post
  • 2 Comments
Joined 9 months ago
Cake day: January 16th, 2024

  • It’s weird for the title to focus on the tools, and not the attack itself.

    Two attacks on production air-gapped networks, with different tools, from the same group, is pretty damn impressive. Especially for a group not backed by a nation-state.

    Edit: it sounds like this was a multi-stage attack…compromising a production non-airgapped internal system and using that to create the USB payload and later exfiltration. That’s pretty cool. The mule who brought the infected USB into the air-gapped space was likely none the wiser…the media had been written by them, to their own USB, and probably even hardware encrypted at rest (something like an Apricorn).