As part of its ongoing Vault 7 leaks, the whistleblower organisation WikiLeaks today revealed details about a CIA contractor responsible for analysing advanced malware and hacking techniques being used in the wild by cyber criminals.
According to the documents leaked by WikiLeaks, Raytheon Blackbird Technologies, the Central Intelligence Agency (CIA) contractor, submitted nearly five such reports to the CIA as part of the UMBRAGE Component Library (UCL) project between November 2014 and September 2015.
These reports contain brief analyses of proof-of-concept ideas and malware attack vectors — publicly presented by security researchers and secretly developed by cyber espionage hacking groups.
Reports submitted by Raytheon were allegedly helping the CIA's Remote Development Branch (RDB) to collect ideas for developing its own advanced malware projects.
It was also revealed in previous Vault 7 leaks that the CIA's UMBRAGE malware development teams borrow code from publicly available malware samples to build their own spyware tools.
Here's the list and brief information on each report:
Report 1 — Raytheon analysts detailed a variant of the HTTPBrowser Remote Access Tool (RAT), which was probably developed in 2015.
The RAT, which is designed to capture keystrokes from the targeted systems, was being used by a Chinese cyber espionage APT group called 'Emissary Panda.'
Report 2 — This document details a variant of the NfLog Remote Access Tool (RAT), also known as IsSpace, which was being used by Samurai Panda, identified as another Chinese hacking group.
Equipped with the Adobe Flash zero-day exploit CVE-2015-5122 (leaked in the Hacking Team dump) and a UAC bypass technique, this malware was also able to sniff or enumerate proxy credentials to bypass the Windows Firewall.
Report 3 — This report contains details about "Regin" -- a very sophisticated malware sample that has been spotted in operation since 2013 and is mainly designed for surveillance and data collection.
Regin is a cyber espionage tool which is said to be more sophisticated than both Stuxnet and Duqu and is believed to have been developed by the US intelligence agency NSA.
The malware uses a modular approach that allows an operator to enable customised spying. Regin's design makes the malware highly suited for persistent, long-term mass surveillance operations against targets.
Report 4 — It details a suspected Russian state-sponsored malware sample called "HammerToss," which was discovered in early 2015 and is suspected of having been operational since late 2014.
What makes HammerToss interesting is its architecture, which leverages Twitter accounts, GitHub accounts, compromised websites, and cloud storage to orchestrate command-and-control functions and execute commands on the targeted systems.
Report 5 — This document details the self-code injection and API hooking methods of an information-stealing Trojan called "Gamker."
Gamker uses simple decryption, then drops a copy of itself using a random filename and injects itself into a different process. The trojan also exhibits other typical trojan behaviours.
Previous Vault 7 CIA Leaks
Last week, WikiLeaks revealed the CIA's Highrise Project, which allowed the spying agency to stealthily collect and forward stolen data from compromised smartphones to its server through SMS messages.
Since March, the whistle-blowing group has published 17 batches of the "Vault 7" series, which includes the latest and last week's leaks, along with the following batches:
- BothanSpy and Gyrfalcon — Two alleged CIA implants that allowed the spying agency to intercept and exfiltrate SSH credentials from targeted Windows and Linux operating systems using different attack vectors.
- OutlawCountry – An alleged CIA project that allowed it to hack and remotely spy on computers running the Linux operating system.
- ELSA – The alleged CIA malware that tracks the geo-location of targeted PCs and laptops running the Microsoft Windows operating system.
- Brutal Kangaroo – A tool suite for Microsoft Windows used by the agency to target closed networks or air-gapped computers within an organisation or enterprise without requiring any direct access.
- Cherry Blossom – An agency framework, basically a remotely controllable firmware-based implant, used for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices.
- Pandemic – A CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest within a targeted network.
- Athena – A CIA spyware framework that has been designed to take full control over infected Windows PCs remotely, and works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.
- AfterMidnight and Assassin – Two alleged CIA malware frameworks for the Microsoft Windows platform that have been designed to monitor and report back actions on the infected remote host computer and execute malicious actions.
- Archimedes – A man-in-the-middle (MitM) attack tool allegedly created by the CIA to target computers inside a Local Area Network (LAN).
- Scribbles – A piece of software allegedly designed to embed 'web beacons' into confidential documents, allowing the spying agency to track insiders and whistleblowers.
- Grasshopper – A framework that allowed the spying agency to easily create custom malware for breaking into Microsoft Windows and bypassing antivirus protection.
- Marble – Source code of a secret anti-forensic framework, basically an obfuscator or a packer used by the CIA to hide the actual source of its malware.
- Dark Matter – Hacking exploits the agency designed to target iPhones and Macs.
- Weeping Angel – A spying tool used by the agency to infiltrate smart TVs, transforming them into covert microphones.
- Year Zero – Alleged CIA hacking exploits for popular hardware and software.