Wikileaks new leak: Achilles, Aeris and SeaPea

Wikileaks Vault 7 series continued: Today, Wikileaks published more documents on CIA hacking tools in the Vault 7 series. The site reveals new manuals for three tools called Achilles, Aeris and SeaPea, which are said to be part of a larger CIA project called Imperial.

Each of the three tools has a different purpose and was developed to target different operating systems.

Achilles (PDF)

The first of these tools is called Achilles and is a utility for adding a trojan to macOS DMG installers.

According to the user guide published by WikiLeaks, Achilles allows an operator to add an executable file to a DMG file for a one-time run.

Running the DMG file installs the original application as well as the malware, and the trojan is then deleted from the DMG file. The use of malicious payloads that run only once is typical of US intelligence services, which, as is well known, go to great lengths to avoid being detected on their victims' systems.

Aeris (PDF)

The second manual released today is for a tool called Aeris, which is said to be an implant for POSIX systems.

According to the document, Aeris is written in C and can run on the following operating systems:

Debian Linux 7 (i386)
Debian Linux 7 (amd64)
Debian Linux 7 (ARM)
Red Hat Enterprise Linux 6 (i386)
Red Hat Enterprise Linux 6 (amd64)
Solaris 11 (i386)
Solaris 11 (SPARC)
FreeBSD 8 (i386)
FreeBSD 8 (amd64)
CentOS 5.3 (i386)
CentOS 5.7 (i386)

Aeris includes auxiliary data-obfuscation features, which are typically used to hide information in transit from victims' computers to intelligence-service hosts over encrypted TLS channels.

The Aeris manual does not contain details on how data is collected.

SeaPea (PDF)

The third and latest manual released today concerns an OS X rootkit called SeaPea. The manual for this tool was previously released in another WikiLeaks CIA dump called DarkSeaSkies, a collection of hacking tools for Macs and iPhones (released in March).

As a reminder, SeaPea provides CIA agents with a kernel implant that allows them to maintain infections on OS X systems even after reboots.

Its additional capabilities include hiding files or folders, opening socket connections, and launching malicious processes.

The SeaPea manual is old, dating back to the summer of 2011, and lists as "tested operating systems" two very old versions of OS X, Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).

The current leak is part of a larger series called Vault 7.

Please be reminded that Wikileaks has been releasing documents in the Vault 7 series since 7 March 2017, exposing more and more CIA tools:

Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the spy tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
Dark Matter: exploits targeting iPhones and Mac.
Marble: the source code of a secret anti-forensic framework. It is basically an obfuscator that the CIA uses to hide the real source of malware.
Grasshopper: a framework that allows the intelligence service to easily create custom malicious software to compromise Microsoft Windows and bypass antivirus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena: designed to acquire full control over infected Windows computers, allowing the CIA to perform many functions on the target machine, such as deleting data, installing malicious software, stealing data and sending it to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo: a tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy and Gyrfalcon: tools for stealing SSH credentials from Windows and Linux respectively.
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: spyware and data-exfiltration software for macOS and Linux.

iGuRu.gr - The Best Technology Site in Greece


Written by giorgos
