WikiLeaks Brutal Kangaroo: WikiLeaks published online more CIA secret documents describing the hacking tools of the service. This time the software it describes refers to as Brutal Kangaroo, and can be used to infect air-gapped computers with malware.
Documents originated initially at 11 May 2015 and revised on 23 February next year describe the project Brutal Kangaroo, which uses infected Windows computers to spread malware on non-networked machines via USB sticks.
The CIA suite published by WikiLeaks replaces earlier tools of the service called EZCheese and Emotional Simian, a kind of cyber-weapon that the US intelligence service used to disseminate Stuxnet.
According to user guide [PDF], the software consists of four specific applications.
The Shattered Assurance is the server-side code that forms the basis of the system attacks and infects USBG drives connected to infected computer with the malware Drifting Deadline.
Once an infected thumb drive is connected to a computer it automatically runs its contents and uses Windows 7 as operating system. Immediately after running .Net 4.5, the Drifting Deadline it serves the Shadow malware in the system.
The Shadow malware is a very old software - the user manual [PDF] Dates August 31, 2012 - and has two client and server versions. It is very well designed for specific purposes. The operator can configure it to collect system data up to 10% of system memory, watermark all the data it collects and store it in an encrypted partition on the hard drive of the infected computer.
Once the infection is complete, Shadow will look for other connected systems and infect them. It can be configured to place the stolen data on any new drive installed on the system or send it somewhere if it detects an open internet connection.
The latest application in Brutal Kangaroo is Broken Promise, which is a tool used for easy and fast data processing. Overall, the Brutal Kangaroo suite could be very useful in thwarting air-gapped machines that typically use corporate internal networks for greater security.
There is nothing very strange about the Brutal Kangaroo Suite released by WikiLeaks in the Vault 7 file. The software described is something we would expect to use an information service.
Please be reminded that Wikileaks released documents in the Vault 7 series from 7 March, exposing more and more Coca-Cola Hacker tools.
"Year Zero"CIA exploits popular hardware and software.
"Weeping Angel"The spying tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
"Dark Matter"Exploits targeting iPhones and Mac.
"MarbleThe source code of a secret anti-forensic framework. It is essentially an obfuscator used by the CIA to hide the real source of malware.
"Grasshopper"A framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.
"Archimedes"- a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles” a piece of software designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena:is designed to be able to gain complete control over infected Windows computers, allowing the CIA to perform many operations on the target machine, such as deleting data or installing malware, stealing data and sending it to servers of CIA.
CherryBlossom a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo: A tool that can be used to infect air-gapped computers with malware.
