In this post, I am going to go over a real-world example of how hardware additions are used to help operators create and maintain access into a target network. Red team operators usually carry various pieces of hardware to assist in their operations, including (but not limited to) the P4wnP1 (BadUSB), PhanTap (network implant), WiFi Pineapple (wireless), or any combination of these to achieve their goal.
The MITRE ATT&CK Framework describes the attack as follows:
Adversaries may introduce computer accessories, computers, or networking hardware into a system or network that can be used as a vector to gain access. While public references of usage by APT groups are scarce, many penetration testers leverage hardware additions for initial access. Commercial and open source products are leveraged with capabilities such as passive network tapping, man-in-the-middle encryption breaking, keystroke injection, kernel memory reading via DMA, adding new wireless access to an existing network, and others.
To see how this type of attack is used in practice, take a look at my post on the Phantom Tap, or ‘PhanTap’, a hardware implant that provides a secure VPN connection into the target network.