As part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed details about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals.
According to the documents leaked by WikiLeaks, Raytheon Blackbird Technologies, the Central Intelligence Agency (CIA) contractor, submitted nearly 5 such reports to the CIA as part of the UMBRAGE Component Library (UCL) project between November 2014 and September 2015.
These reports contain brief analyses of proof-of-concept ideas and malware attack vectors, publicly presented by security researchers and secretly developed by cyber espionage hacking groups.
Reports submitted by Raytheon were allegedly helping the CIA's Remote Development Branch (RDB) collect ideas for developing its own advanced malware projects.
It was also revealed in previous Vault 7 leaks that the CIA's UMBRAGE malware development teams borrow code from publicly available malware samples to build their own spyware tools.
Here's the list and a brief description of each report:
Report 1 — Raytheon analysts detailed a variant of the HTTPBrowser Remote Access Tool (RAT), which was probably developed in 2015.
The RAT, which is designed to capture keystrokes from targeted systems, was being used by a Chinese cyber espionage APT group called 'Emissary Panda.'
Report 2 — This document details a variant of the NfLog Remote Access Tool (RAT), also known as IsSpace, which was being used by Samurai Panda, identified as another Chinese hacking group.
Equipped with the Adobe Flash zero-day exploit CVE-2015-5122 (leaked in the Hacking Team dump) and a UAC bypass technique, this malware was also able to sniff or enumerate proxy credentials to bypass the Windows Firewall.
Report 3 — This report contains details about "Regin", a very sophisticated malware sample that has been spotted in operation since 2013 and is mainly designed for surveillance and data collection.
Regin is a cyber espionage tool which is said to be more sophisticated than both Stuxnet and Duqu and is believed to have been developed by the US intelligence agency NSA.
The malware uses a modular approach that allows an operator to enable customised spying. Regin's design makes the malware highly suited for persistent, long-term mass surveillance operations against targets.
Report 4 — It details a suspected Russian state-sponsored malware sample called "HammerToss," which was discovered in early 2015 and suspected of being operational since late 2014.
What makes HammerToss interesting is its architecture, which leverages Twitter accounts, GitHub accounts, compromised websites and cloud storage to orchestrate command-and-control functions and execute commands on the targeted systems.
Report 5 — This document details the self-code injection and API hooking methods of an information-stealing Trojan called "Gamker."
Gamker uses simple decryption, then drops a copy of itself using a random filename and injects itself into a different process. The Trojan also exhibits other typical Trojan behaviours.
Previous Vault 7 CIA Leaks
Last week, WikiLeaks revealed the CIA's Highrise Project, which allowed the spying agency to stealthily collect and forward stolen data from compromised smartphones to its server through SMS messages.
Since March, the whistle-blowing group has published 17 batches of the "Vault 7" series, which includes the latest and last week's leaks, along with the following batches:
- BothanSpy and Gyrfalcon — Two alleged CIA implants that allowed the spying agency to intercept and exfiltrate SSH credentials from targeted Windows and Linux operating systems using different attack vectors.
- OutlawCountry – An alleged CIA project that allowed it to hack and remotely spy on computers running the Linux operating system.
- ELSA – The alleged CIA malware that tracks the geo-location of targeted PCs and laptops running the Microsoft Windows operating system.
- Brutal Kangaroo – A tool suite for Microsoft Windows used by the agency to target closed networks or air-gapped computers within an organisation or enterprise without requiring any direct access.
- Cherry Blossom – An agency framework, basically a remotely controllable firmware-based implant, used for monitoring the Internet activity of targeted systems by exploiting vulnerabilities in Wi-Fi devices.
- Pandemic – A CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest within a targeted network.
- Athena – A CIA spyware framework designed to take full control of infected Windows PCs remotely, which works against every version of Microsoft's Windows operating system, from Windows XP to Windows 10.
- AfterMidnight and Assassin – Two alleged CIA malware frameworks for the Microsoft Windows platform designed to monitor and report back actions on the infected remote host computer and execute malicious actions.
- Archimedes – A man-in-the-middle (MitM) attack tool allegedly created by the CIA to target computers within a Local Area Network (LAN).
- Scribbles – A piece of software allegedly designed to embed 'web beacons' into confidential documents, allowing the spying agency to track insiders and whistleblowers.
- Grasshopper – A framework that allowed the spying agency to easily create custom malware for breaking into Microsoft's Windows and bypassing antivirus protection.
- Marble – Source code of a secret anti-forensic framework, basically an obfuscator or packer used by the CIA to hide the actual source of its malware.
- Dark Matter – Hacking exploits the agency designed to target iPhones and Macs.
- Weeping Angel – A spying tool used by the agency to infiltrate smart TVs, transforming them into covert microphones.
- Year Zero – Alleged CIA hacking exploits for popular hardware and software.