Components from this project create a covert network within the closed network and allow the execution of surveys, directory listings, and running arbitrary executables.
The hacks revealed in these documents are similar to those used in the Stuxnet attacks against Iranian nuclear reactors.
One of the manuals describes the use of a tool known as Drifting Deadline which first infects an Internet-connected computer and then a plugged-in flash drive. Using the same drive on any other computer would spread the infection.
The main vector for infection on thumb drives is a hand-crafted .lnk file that can load and execute a dynamic linked library without any user interaction. Older versions of this used a mechanism called EZCheese, a zero-day vulnerability that was patched by Microsoft in March 2015.
Newer versions use a similar, but yet unknown link file vulnerability (Lachesis/RiverJack) related to Windows' library-ms functionality.