... when another agent put Zhang’s thumb drive into his computer, it immediately began to install files, a “very out-of-the-ordinary” event that he had never seen happen before during this kind of analysis. The agent had to immediately stop the analysis to halt any further corruption of his computer ....
Of course, we don't know what kind of computer and software setup was involved, but apparently there wasn't any sandboxing. I hope I can trust that the computer wasn't online.
I'm far from the only one who thought it very strange: "No one, not even the Secret Service, should randomly plug in a strange USB stick":
Williams said the best way to forensically examine a suspect USB drive is by plugging the device into an isolated Linux-based computer that doesn’t automatically mount the drive to the operating system.
“We would then create a forensic image of the USB and extract any malware for analysis in the lab,” he said. “While there is still a very small risk that the malware targets Linux, that’s not the normal case.”
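To make the procedure Williams describes concrete, here is an added shell example (my own illustration, not code from the quoted article or from Williams): stop the analysis box from auto-mounting the drive, mark the block device read-only, take a bit-for-bit image, prove the image matches, and then work only on the image. The device path `/dev/sdX`, the udev rule location and the output file names are assumptions; the udev rule relies on udisks2 honouring its `UDISKS_AUTO`/`UDISKS_IGNORE` hints.

```shell
#!/bin/sh
# Added example (not from the original post): handling a suspect USB drive on an
# isolated Linux analysis box: no automount, software read-only, raw image, hashes
# to show the copy is faithful. /dev/sdX, rule path and file names are assumptions.
set -eu

# 1) Tell udisks2 (and the desktop session that listens to it) not to auto-mount
#    USB block devices. Write this to /etc/udev/rules.d/99-no-automount.rules and
#    run `udevadm control --reload` BEFORE the drive is ever inserted.
write_no_automount_rule() {
  rule_file="$1"
  cat > "$rule_file" <<'EOF'
# Analysis host: never auto-mount removable USB block devices
SUBSYSTEM=="block", SUBSYSTEMS=="usb", ENV{UDISKS_AUTO}="0", ENV{UDISKS_IGNORE}="1"
EOF
}

# 2) Mark the kernel block device read-only before anything touches it. This is
#    software-only and no substitute for a hardware write blocker, but it stops
#    accidental writes (journal replay, atime updates) from a careless mount.
set_read_only() {
  blockdev --setro "$1"     # e.g. /dev/sdX; requires root
}

# 3) Take a raw bit-for-bit image. conv=noerror,sync keeps going past unreadable
#    sectors and zero-fills them so every later offset still lines up. bs must equal
#    the device's logical sector size (512 assumed): conv=sync pads the *last* block
#    up to bs, so a bigger bs would silently append padding to the image.
image_device() {
  src="$1"; img="$2"
  dd if="$src" of="$img" bs=512 conv=noerror,sync
}

# 4) Hash source and image. Equal hashes mean the copy is faithful; a source that
#    produced read errors will differ, which is itself worth recording in the notes.
sha256_of() {
  sha256sum "$1" | cut -d' ' -f1
}

verify_image() {
  [ "$(sha256_of "$1")" = "$(sha256_of "$2")" ]
}

# 5) Analyse the image, never the original: attach it to a read-only loop device
#    with partition scanning, then mount the first partition (assumption) read-only
#    with no executables, setuid bits or device nodes honoured. Requires root.
mount_image_ro() {
  img="$1"; mnt="$2"
  loop=$(losetup --find --show --read-only --partscan "$img")
  mkdir -p "$mnt"
  mount -o ro,noexec,nosuid,nodev "${loop}p1" "$mnt"
  echo "$loop"                 # caller detaches with `losetup -d` when done
}
```

Typical order on a real box: `write_no_automount_rule`, reload udev, insert the drive, `set_read_only /dev/sdX`, `image_device /dev/sdX case.img`, `verify_image /dev/sdX case.img`, then `mount_image_ro case.img /mnt/case`. None of this protects against firmware-level tricks (a "USB stick" that enumerates as a keyboard, for instance), which is why the host is isolated and offline in the first place.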
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
RSAC 2019: Why attackers need domain fronting
How crooks use your doppelgangers to pay with your card:
... protection requires introducing mandatory two-factor authentication, maybe even using some biometrics such as fingerprint reading (real, not digital), iris scanning, or face recognition as the second factor.
A more secure alternative is either to configure a USB flash drive containing a startup key, set up PIN access or, ideally, add multifactor authentication by using both at the same time.
BitLocker has become an ultimate test of hacking nous for some researchers, which is why they’ll keep picking away at it. Known weaknesses included possible bypasses involving the design of Solid State Drives (SSDs), as well as during upgrade reboots.