WikiLeaks Brutal Kangaroo: CIA tools for air-gapped computers

WikiLeaks Brutal Kangaroo: WikiLeaks published online more CIA secret documents describing the hacking tools of the service. This time the software it describes refers to as Brutal Kangaroo, and can be used to infect air-gapped computers with malware.

Documents originated initially at 11 May 2015 and revised on 23 February next year describe the project Brutal Kangaroo, which uses infected Windows computers to spread malware on non-networked machines via USB sticks.

The CIA suite published by WikiLeaks replaces earlier tools of the service called EZCheese and Emotional Simian, a kind of cyber-weapon that the US intelligence service used to disseminate Stuxnet.

WikiLeaks Brutal Kangaroo
THN image

According to user guide [PDF], the software consists of four specific applications.

The Shattered Assurance is the server-side code that forms the basis of the system ς και μολύνει τους s USBGs connected to a computer infected with the malware Drifting Deadline.

Once an infected thumb drive is connected to a computer it automatically runs its contents and uses Windows 7 as . Immediately after running .Net 4.5, the Drifting Deadline it serves the Shadow malware in the system.

The Shadow malware is a very old software - the user manual [PDF] dates from August 31, 2012 – and has two client and server versions. It is very specifically designed for specific goals. The operator can set it to collect system data up to 10% of it of the system, to watermark all the data it collects and store it in an encrypted partition on the hard drive of the infected computer.

Once the infection is complete, Shadow will look for other connected systems and infect them. It can be configured to place the stolen data on any new drive installed on the system or send it somewhere if it detects an open internet connection.

The latest application in Brutal Kangaroo is Broken Promise, which is a tool used for easy and fast data processing. Overall, the Brutal Kangaroo suite could be very useful in thwarting air-gapped machines that typically use corporate internal networks for greater security.

There is nothing very strange about the Brutal Kangaroo Suite released by WikiLeaks in the Vault 7 file. The software described is something we would expect to use an information service.

Please be reminded that Wikileaks released documents in the Vault 7 series from 7 March, exposing more and more Coca-Cola Hacker tools.

"Year Zero"CIA exploits popular hardware and software.
"Weeping Angel" the tool s that the service uses to infiltrate smart TVs, turning them into hidden microphones.
"Dark Matter"Exploits targeting iPhones and Mac.
"Marble" The a secret anti-forensic framework. It is essentially an obfuscator used by the CIA to hide the real source of malware.
"Grasshopper"A framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.

"Archimedes"- a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles" one which is designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena:is designed to be able to gain complete control over infected Windows computers, allowing the CIA to perform many on the target machine, such as deleting data or installing malware, stealing data and sending it to CIA servers.
CherryBlossom a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo: A tool that can be used to infect air-gapped computers with malware.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).