Chinese Hackers Breach Air-Gapped Network In Decade-Long Cyberattack

By 813 Staff


Chinese state-sponsored hackers breached an air-gapped network and held access to it for a decade, according to BleepingComputer (@BleepinComputer), which reported the story on June 13, 2026.

Source: https://x.com/BleepinComputer/status/2065798659854225851

Air-gapped networks, systems physically isolated from the internet, were supposed to be the gold standard for security. What actually happened, according to internal documents from a joint intelligence task force first reported by @BleepinComputer, is that Chinese state-sponsored hackers spent ten years quietly siphoning data from one such network, and did it without ever defeating the gap itself: every hardware and software barrier stayed in place, and trusted people and trusted hardware carried the attack across it.

The operation began in 2016 and was detected only in early 2026. Its target was a classified research facility. BleepingComputer's reporting reveals that the attackers never breached the air gap directly. Instead, they hijacked the network's authentication flow, the process that lets authorized users log in, by compromising a third-party identity management update that was then manually loaded onto the isolated system via USB, the sanctioned way updates reached it. Engineers close to the project say the malware then established a persistent, low-and-slow data bridge by piggybacking on subsequent authorized software updates and on peripheral firmware. For extraction, the attackers used the facility's one-way optical relay: sensitive files were encoded into light pulses and sent over a sealed fiber channel, with no internet connection at either end, to a separate receiver that forwarded the data to the hackers via satellite. At no point did a network link cross the gap; the update media and the relay hardware crossed it on the attackers' behalf.

Internal documents show the attackers kept an astonishingly low profile: their footprint in system logs resembled routine administrative tasks, and the facility's monitoring software flagged no anomalies because the activity passed through the very authentication flow that had been weaponized, so it looked like legitimate logins. The breach was eventually discovered, according to sources, when a routine physical audit of hardware serial numbers turned up a custom-built transmitter inside the optical relay housing.

The implications are severe: this attack rewrites the playbook for securing isolated networks. Standard countermeasures (write-blockers, periodic reviews, USB scanning) did not help, because the malicious update arrived through the sanctioned, manual channel those controls are built around and was treated as trusted. Industry experts cited by @BleepinComputer now question whether any air-gapped system that relies on periodic software updates or third-party hardware is truly secure. As of this week, the affected agencies have moved to replace all data diodes and optical relays at the facility with models that feature hardware-based tamper detection. Full remediation remains uncertain: analysts estimate it could take up to eighteen months to audit a decade's worth of exfiltrated data and determine the full scope of the loss. The rollout of new defensive measures, as one security lead put it, has been anything but smooth.
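The weak link in the account above is the hand-carried update, and the controls that failed (write-blockers, USB scanning) all inspect the medium rather than what is on it. The Go program below is an added example, not code from BleepingComputer, from the affected facility or from any identity-management vendor, of the check a practitioner would want at the gate of an isolated network: the update bundle ships with a manifest of per-file SHA-256 hashes, the vendor signs the manifest with an Ed25519 key, and the importing side verifies that signature under a public key it pinned out of band before it looks at a single file. The manifest format is of my own design, the vendor and attacker key pairs are generated in-process as a stand-in for keys that would really be provisioned separately, and the file names (bin/idmgr, conf/idmgr.yml, bin/helper.so) and contents are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Manifest maps a bundle path to the hex SHA-256 of that file's bytes.
type Manifest map[string]string

// Canonical renders the manifest sorted by path so signer and verifier hash
// exactly the same bytes; the vendor signs this, not the individual files.
func (m Manifest) Canonical() []byte {
	paths := make([]string, 0, len(m))
	for p := range m {
		paths = append(paths, p)
	}
	sort.Strings(paths)
	var b strings.Builder
	for _, p := range paths {
		fmt.Fprintf(&b, "%s  %s\n", m[p], p)
	}
	return []byte(b.String())
}

func sha256Hex(data []byte) string {
	sum := sha256.Sum256(data)
	return hex.EncodeToString(sum[:])
}

// BuildManifest is the vendor side: hash every file that ships in the bundle.
func BuildManifest(files map[string][]byte) Manifest {
	m := Manifest{}
	for p, data := range files {
		m[p] = sha256Hex(data)
	}
	return m
}

// VerifyBundle is the gate on the isolated side: signature under the pinned
// key first, then every listed file with its listed hash, then no extras.
func VerifyBundle(pinned ed25519.PublicKey, m Manifest, sig []byte, files map[string][]byte) error {
	if !ed25519.Verify(pinned, m.Canonical(), sig) {
		return errors.New("manifest signature does not verify under pinned key")
	}
	for p, want := range m {
		data, ok := files[p]
		if !ok {
			return fmt.Errorf("manifest lists %q but the bundle lacks it", p)
		}
		if got := sha256Hex(data); got != want {
			return fmt.Errorf("hash mismatch for %q", p)
		}
	}
	for p := range files {
		if _, ok := m[p]; !ok {
			return fmt.Errorf("bundle carries unlisted file %q", p)
		}
	}
	return nil
}

// Scenarios pushes four constructed bundles through the gate: intact, an extra
// unlisted file, a patched binary, and the patched bundle with a manifest the
// attacker rewrote and re-signed with a key of their own.
func Scenarios() (intact, planted, patched, resigned error) {
	// Assumption: the pinned public key reaches the facility out of band (for
	// example hand-entered from paper), never on the same USB stick.
	pinned, vendorKey, _ := ed25519.GenerateKey(rand.Reader)
	// Constructed bundle; product name and contents are hypothetical.
	files := map[string][]byte{
		"bin/idmgr":      []byte("constructed identity-manager binary v2.4.1"),
		"conf/idmgr.yml": []byte("realm: facility-a\nsso: ldap\n"),
	}
	m := BuildManifest(files)
	sig := ed25519.Sign(vendorKey, m.Canonical())
	intact = VerifyBundle(pinned, m, sig, files)

	files["bin/helper.so"] = []byte("unlisted payload")
	planted = VerifyBundle(pinned, m, sig, files)

	delete(files, "bin/helper.so")
	files["bin/idmgr"] = []byte("patched identity-manager binary")
	patched = VerifyBundle(pinned, m, sig, files)

	// Same patched bundle, now with a matching manifest signed by the attacker.
	_, attackerKey, _ := ed25519.GenerateKey(rand.Reader)
	m2 := BuildManifest(files)
	resigned = VerifyBundle(pinned, m2, ed25519.Sign(attackerKey, m2.Canonical()), files)
	return
}

func main() {
	a, b, c, d := Scenarios()
	fmt.Println(a, "|", b, "|", c, "|", d)
}
```

The gate rejects the things the attackers in this story would have needed to get past it: a patched binary (hash mismatch), a file slipped in beside the listed ones (unlisted path), a manifest re-signed with a key other than the pinned one, and a listed file that is missing. It does nothing if the vendor's own signing key or build pipeline is what was compromised, which is why the pinned key and a second copy of the expected hashes should reach the facility through a channel independent of the USB stick, and why the experts quoted above still doubt air gaps that depend on periodic third-party updates.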
