WikiLeaks Reveals CIA's Grasshopper Windows Hacking Framework

As part of its Vault 7 series of leaked documents, whistleblowing website WikiLeaks today released a new cache of 27 documents allegedly belonging to the US Central Intelligence Agency (CIA).

Named Grasshopper, the latest batch reveals a CLI-based framework developed by the CIA to build "customised malware" payloads for breaking into Microsoft's Windows operating systems and bypassing antivirus protection.

All the leaked documents are basically a user manual that the agency flagged as "secret" and that are supposed to be accessed only by members of the agency, WikiLeaks claims.

Grasshopper: Customized Malware Builder Framework

According to the leaked documents, the Grasshopper framework allows agency members to easily create custom malware, depending on technical details such as what operating system and antivirus the targets are using.

The Grasshopper framework then automatically puts together several components sufficient for attacking the target and, finally, delivers a Windows installer that agency members can run on a target's computer to install their custom malware payloads.

"A Grasshopper executable contains one or more installers. An installer is a stack of one or more installer components," the documentation reads. "Grasshopper invokes each component of the stack in series to operate on a payload. The ultimate purpose of an installer is to persist a payload."

The whistleblowing website claimed the Grasshopper toolset was allegedly designed to go undetected even by the anti-virus products of the world's leading vendors, including Kaspersky Lab, Symantec, and Microsoft.

CIA's Grasshopper Uses 'Stolen' Russian Malware

According to WikiLeaks, the CIA created the Grasshopper framework as a modern cyber-espionage solution not only to be as easy to use as possible but also "to maintain persistence over infected Microsoft Windows computers."

"Grasshopper allows tools to be installed using a variety of persistence mechanisms and modified using a variety of extensions (like encryption)," WikiLeaks said in the press release.

One of the so-called persistence mechanisms linked to Grasshopper is called Stolen Goods (Version 2), which shows how the CIA adapted known malware developed by cyber criminals across the world and modified it for its own uses.

One such malware is "Carberp," which is a malware rootkit developed by Russian hackers.

"The persistence method and parts of the installer were taken and modified to fit our needs," the leaked document noted. "A vast majority of the original Carberp code that was used has been heavily modified. Very few pieces of the original code exist unmodified."

It is not yet clear how recently the CIA has used the hacking tools mentioned in the documentation, but WikiLeaks says the tools were used between 2012 and 2015.

So far, WikiLeaks has revealed the "Year Zero" batch, which uncovered CIA hacking exploits for popular hardware and software; the "Dark Matter" batch, which focused on exploits and hacking techniques the agency designed to target iPhones and Macs; and the third batch, called "Marble."

Marble revealed the source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.