ODINI Malware Breaches Air-Gapped Systems via Magnetic Data Exfiltration
Researchers have uncovered a novel cyberattack method, dubbed ODINI, that bypasses even the most secure air-gapped systems and Faraday cages by exploiting low-frequency magnetic fields. Traditionally considered impervious to digital threats, these isolated environments, used in critical infrastructure, military networks, and sensitive data storage, are now vulnerable to sophisticated physical-layer attacks.
The attack begins with an initial compromise, typically through supply-chain attacks, malicious USB drives, or insider threats. Once inside, the malware conducts reconnaissance, collecting credentials, encryption keys, and other sensitive data. Instead of relying on network connections, ODINI manipulates the infected machine’s CPU power consumption, forcing it to generate controlled magnetic fields by rapidly toggling heavy computational workloads. These fields, modulated into binary data, are then captured by an external magnetic sensor planted nearby, which relays the stolen information to attackers via conventional wireless networks.
A key vulnerability lies in Faraday cages’ inability to block low-frequency magnetic fields, which pass through metal shielding with minimal signal loss. Laboratory tests demonstrated that ODINI could transmit data at 40 bits per second over distances of up to 150 centimeters, even when confined to an isolated virtual machine, rendering software sandboxing ineffective.
Detection is challenging, as the malware mimics legitimate processing tasks, evading traditional antivirus tools. Defenses include active magnetic jamming, specialized ferromagnetic shielding (e.g., mu-metal), or strict physical zoning to prevent unauthorized devices from approaching sensitive equipment. The discovery underscores the need for updated security protocols to counter emerging threats targeting physical-layer vulnerabilities.
Source: https://cyberpress.org/odini-malware-uses-cpu/
ODINI TPRM report: https://www.rankiteo.com/company/ocean-data-integration-initiative-odini
"id": "oce1778495078",
"linkid": "ocean-data-integration-initiative-odini",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'type': ['Critical infrastructure',
                                 'Military networks',
                                 'Sensitive data storage']}],
 'attack_vector': ['Supply-chain attacks',
                   'Malicious USB drives',
                   'Insider threats'],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Credentials',
                                              'Encryption keys',
                                              'Sensitive data']},
 'description': 'Researchers have uncovered a novel cyberattack method, dubbed '
                'ODINI, that bypasses even the most secure air-gapped systems '
                'and Faraday cages by exploiting low-frequency magnetic '
                'fields. The attack manipulates CPU power consumption to '
                'generate controlled magnetic fields, which are captured by an '
                'external sensor and relayed to attackers. This method '
                'exploits the inability of Faraday cages to block '
                'low-frequency magnetic fields, enabling data exfiltration '
                'from isolated environments like critical infrastructure, '
                'military networks, and sensitive data storage.',
 'impact': {'data_compromised': ['Credentials',
                                 'Encryption keys',
                                 'Sensitive data'],
            'operational_impact': 'Potential compromise of highly secure '
                                  'environments',
            'systems_affected': ['Air-gapped systems',
                                 'Critical infrastructure',
                                 'Military networks',
                                 'Sensitive data storage']},
 'initial_access_broker': {'entry_point': ['Supply-chain attacks',
                                           'Malicious USB drives',
                                           'Insider threats']},
 'lessons_learned': 'The discovery underscores the need for updated security '
                    'protocols to counter emerging threats targeting '
                    'physical-layer vulnerabilities.',
 'post_incident_analysis': {'corrective_actions': ['Active magnetic jamming',
                                                   'Specialized ferromagnetic '
                                                   'shielding',
                                                   'Strict physical zoning'],
                            'root_causes': 'Exploitation of physical-layer '
                                           'vulnerabilities (low-frequency '
                                           'magnetic fields) in air-gapped '
                                           'systems'},
 'recommendations': ['Implement active magnetic jamming',
                     'Use specialized ferromagnetic shielding (e.g., mu-metal)',
                     'Enforce strict physical zoning to prevent unauthorized '
                     'devices from approaching sensitive equipment'],
 'references': [{'source': "Researchers' findings"}],
 'response': {'containment_measures': ['Active magnetic jamming',
                                       'Specialized ferromagnetic shielding '
                                       '(e.g., mu-metal)',
                                       'Strict physical zoning']},
 'title': 'ODINI Malware Breaches Air-Gapped Systems via Magnetic Data '
          'Exfiltration',
 'type': 'Malware Attack',
 'vulnerability_exploited': "Faraday cages' inability to block low-frequency "
                            'magnetic fields'}