Bad USB is ABSOLUTELY a vector for state sponsored hacking. As has USB sticks (or devices) sold in sketchy shops.
https://smartermsp.com/tech-time-warp-the-usb-drive-that-changed-military-cybersecurity/
The virus in question was agent.btz, a piece of “autorun” malware. In 2008, agent.btz infected U.S. Central Command, which was running the wars in Iraq and Afghanistan.
See also
https://en.wikipedia.org/wiki/BadUSB
https://en.wikipedia.org/wiki/Stuxnet
Pretty nuts to see I got downvoted for this. This is cybersecurity 101 shit. Don’t plug untrusted USB devices into sensitive infrastructure. I’m not saying using an Xbox controller is a bad idea. I’m saying plugging an Xbox controller bought in a port side sketchy electronics shop into a freaking nuclear sub is. If they are sourcing it from Microsoft I am have no issues with it.