https://www.schneier.com/blog/archives/2014/03/firewalk_nsa_ex.html

FIREWALK is a bidirectional network implant, capable of passively collecting Gigabit Ethernet network traffic, and actively injecting Ethernet packets onto the same target network.

It’s a combination of compromising the hardware gigabit connector on the motherboard, and embedding within that connector a hidden rf device that can exfiltrate data over a wireless signal, effectively jumping across that air gap in place.

It details how the NSA captured hardware shipments in transit and replaced them with the firewalk compromised hardware and then let the shipments proceed to their intended recipient.

It’s an 11 minute video, and a decent watch.

Work for the NSA, seize package of a computer from person you want to spy on, install RJ45 port with hardware backdoor that also has RF emitter, gather the intercepted packets with RF receiver within distance.

They put an SDR into Ethernet ports. This let them inject exploits and exfil data across air gaps using local agents or proxies who merely got close to the device.