As business office of its Vault vii leaks, WikiLeaks today revealed details virtually a novel implant developed past times the CIA, dubbed AngelFire, to target computers running Windows operating system.
AngelFire framework implants a persistent backdoor on the target Windows computers past times modifying their sectionalisation kicking sector.
AngelFire framework consists v next components:
1. Solartime — it modifies the sectionalisation kicking sector to charge as well as execute the Wolfcreek (kernel code) every fourth dimension the scheme boots up.
2. Wolfcreek — a self-loading driver (kernel code that Solartime executes) that loads other drivers as well as user-mode applications
3. Keystone — a cistron that utilizes DLL injection technique to execute the malicious user applications conduct into scheme retention without dropping them into the file system.
4. BadMFS — a covert file scheme that attempts to install itself inward non-partitioned infinite available on the targeted reckoner as well as stores all drivers as well as implants that Wolfcreek starts.
5. Windows Transitory File system — a novel method of installing AngelFire, which allows the CIA operator to exercise transitory files for specific tasks similar adding as well as removing files to AngelFire, rather than laying independent components on disk.
According to a user manual leaked past times WikiLeaks, AngelFire requires administrative privileges on a target reckoner for successful installation.
The 32-bit version of implant works against Windows XP as well as Windows 7, acre the 64-bit implant tin target Server 2008 R2, Windows 7.
Previous Vault vii CIA Leaks
Last week, WikiLeaks published some other CIA project, dubbed ExpressLane, which detailed virtually the spying software that the CIA agents used to spy on their word partners some the world, including FBI, DHS as well as the NSA.
Since March, WikiLeaks has published 22 batches of "Vault 7" series, which includes the latest as well as final calendar week leaks, along amongst the next batches:
- CouchPotato — Influenza A virus subtype H5N1 CIA projection that revealed its mightiness to spy on video streams remotely inward real-time.
- Dumbo — Influenza A virus subtype H5N1 CIA projection that disclosed its mightiness to hijack as well as manipulate webcams as well as microphones to corrupt or delete recordings.
- Imperial — Influenza A virus subtype H5N1 CIA projection that revealed details of iii CIA-developed hacking tools as well as implants designed to target computers running Apple Mac OS X as well as unlike flavours of Linux OS.
- UCL/Raytheon — An alleged CIA contractor that analysed in-the-wild advanced malware as well as submitted at to the lowest degree v reports to the way for help it develops its malware.
- Highrise — An alleged CIA projection that allowed the the United States way to stealthy collect as well as frontwards stolen information from compromised smartphones to its server via SMS messages.
- BothanSpy as well as Gyrfalcon — Two alleged CIA implants that allowed the spy way to intercept as well as exfiltrate SSH credentials from targeted Windows as well as Linux computers using unlike assail vectors.
- OutlawCountry — An alleged CIA projection that allowed the way to hack as well as remotely spy on computers running Linux operating systems.
- ELSA — Alleged CIA malware that tracks geo-location of targeted laptops as well as computers running the Microsoft Windows OS.
- Brutal Kangaroo — Influenza A virus subtype H5N1 tool suite for Microsoft Windows OS used past times the CIA agents to target shut networks or air-gap computers within an organisation or corporation without requiring whatsoever conduct access.
- Cherry Blossom — Influenza A virus subtype H5N1 framework employed past times the way to monitor the Internet activity of the targeted systems past times exploiting flaws inward Wi-Fi devices.
- Pandemic — Influenza A virus subtype H5N1 CIA's projection that allowed the spying way to plough Windows file servers into covert assail machines that tin silently infect other PCs of involvement within the same network.
- Athena — Influenza A virus subtype H5N1 spyware framework that the way designed to accept total command over the infected Windows systems remotely as well as works against every version of Windows OS–from Windows XP to Windows 10.
- AfterMidnight as well as Assassin — 2 alleged CIA malware frameworks for the Microsoft Windows platform that's meant to monitor as well as written report dorsum actions on the infected remote host PC as well as execute malicious actions.
- Archimedes — Man-in-the-middle (MitM) assail tool allegedly developed past times the way to target computers within a Local Area Network (LAN).
- Scribbles — Software allegedly designed to embed 'web beacons' into confidential documents, allowing the CIA agents to rails insiders as well as whistleblowers.
- Grasshopper — Influenza A virus subtype H5N1 framework which allowed the spying way to easily exercise custom malware for breaking into Microsoft's Windows OS as well as bypassing antivirus protection.
- Marble — Source code of a undercover anti-forensic framework used past times the way to enshroud the actual source of its malware.
- Dark Matter — Hacking exploits the spying way designed to target iPhones as well as Macs.
- Weeping Angel — Spying tool used past times the CIA agents to infiltrate smart TV's, transforming them into covert microphones.
- Year Zero — CIA hacking exploits for pop hardware as well as software.
