A Chinese threat actor has developed new capabilities to target air-gapped systems in an attempt to exfiltrate sensitive data for espionage. The group, known as Cycldek, Goblin Panda, or Conimes, employs an extensive toolset for lateral movement and information stealing in victim networks. One of the newly revealed tools, named USBCulprit, is capable of scanning a number of paths, collecting documents with specific extensions (*pdf;*.doc;*.wps;*docx;*ppt;*.xlsx;*.pptx;*.rtf) and exporting them to a connected USB drive.
Source: https://thehackernews.com/2020/06/air-gap-malware-usbculprit.html
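
A detection sketch for the behaviour described above, added here as an example and not taken from the article or its source: it flags any process that writes a burst of files with the quoted extensions to a removable volume. The event tuple layout, process names, drive letters, window and threshold are all assumptions made for the illustration.

```python
from collections import defaultdict

# Extension list exactly as quoted in the article (dots are inconsistent there).
PATTERNS = "*pdf;*.doc;*.wps;*docx;*ppt;*.xlsx;*.pptx;*.rtf"

def target_extensions(patterns=PATTERNS):
    """Normalise '*pdf' and '*.doc' style patterns to bare lowercase extensions."""
    return {p.lstrip("*").lstrip(".").lower() for p in patterns.split(";") if p}

def is_target(path, exts):
    """True if the file name's final extension is in the target set."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return "." in name and name.rsplit(".", 1)[1].lower() in exts

def flag_bulk_usb_copies(events, removable, window=60, threshold=5):
    """Map process -> largest number of target documents it wrote to a
    removable volume within `window` seconds, if that reaches `threshold`."""
    exts = target_extensions()
    stamps_by_proc = defaultdict(list)
    for ts, proc, path in events:
        if path[:2].upper() in removable and is_target(path, exts):
            stamps_by_proc[proc].append(ts)
    flagged = {}
    for proc, stamps in stamps_by_proc.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[proc] = best
    return flagged

# Constructed sample events: (epoch seconds, process name, destination path).
# Treating "E:" as removable and "D:" as a fixed disk is an assumption.
SAMPLE_EVENTS = [
    (1000, "sample_tool.exe", r"E:\out\a.pdf"),
    (1002, "sample_tool.exe", r"E:\out\b.docx"),
    (1003, "sample_tool.exe", r"E:\out\c.xlsx"),
    (1005, "sample_tool.exe", r"E:\out\d.rtf"),
    (1006, "sample_tool.exe", r"E:\out\e.PPT"),
    (1008, "sample_tool.exe", r"E:\out\f.wps"),
    (1009, "sample_tool.exe", r"E:\out\notes.txt"),   # not a target extension
    (1010, "explorer.exe", r"E:\report.pdf"),         # user copy, low volume
    (4000, "explorer.exe", r"E:\slides.pptx"),
] + [(2000 + i, "backup.exe", "D:\\bk\\%d.doc" % i) for i in range(6)]

if __name__ == "__main__":
    print(flag_bulk_usb_copies(SAMPLE_EVENTS, removable={"E:"}))
```

In practice the set of removable volumes would come from the endpoint telemetry (drive type or device-mount events), and the threshold would be tuned against normal user copy behaviour.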