
#Infosec2025: Threat Actors Weaponizing Hardware Devices to Exploit Fortified Environments – Source: www.infosecurity-magazine.com


Source: www.infosecurity-magazine.com – Author: James Coker

Threat actors are weaponizing legitimate hardware devices to compromise even the most fortified targets, warned Bentsi Benatar, CMO and Co-Founder of Sepio, during a talk at Infosecurity Europe 2025.

Although such incidents are rarely reported, this approach is being used by sophisticated nation-state and financially motivated attackers against sensitive targets such as banks and energy carriers.

This attack vector involves a hardware device being smuggled into an organization and connected to the network – either by an insider with privileged access to a physical location, or by tricking the victim into installing it themselves through their supply chain.

These devices usually contain malware that can be used for purposes such as data theft, financial theft and sabotage.

One of the most famous examples of this type of attack was the use of the Stuxnet worm to target Iran’s nuclear program in the late 2000s – reportedly setting it back by several years.

Reports indicated that Israel used an insider to plant the malware via a USB stick.

Benatar said that these attacks have become more common in recent years. However, they are significantly underreported because of the embarrassment these incidents would cause to the victim organization.

“It does reflect on their level of physical security,” he noted.

Weaponized Hardware Able to Overcome the Tightest of Defenses

During his talk, Benatar highlighted a case in which an energy carrier was compromised by five manipulated keyboards.

One was connected directly to an HDMI socket, while the other four had a wireless propagated path via a Raspberry Pi Zero W device. This allowed the attackers to transmit data and communicate with a command-and-control (C2) server.

The payload used was “off the shelf”, which could be obtained from legitimate platforms like ChatGPT, Benatar said.

This technique worked despite the company in question following all recommended security measures to protect its key assets, including data diodes and air gapping networks.

Benatar urged organizations to think creatively to mitigate this type of attack, given the sophisticated tricks and lures used to implant weaponized hardware devices.

“These are state-sponsored or cybercriminal groups who are smart in their operations,” he emphasized.

In addition to enhancing physical security procedures, Benatar said it is important to use tools that provide continuous insights into all hardware assets to quickly detect any suspicious behaviors or unusual characteristics.

Original Post URL: https://www.infosecurity-magazine.com/news/threat-actors-weaponizing-hardware/
