WikiLeaks: CIA Angelfire for Windows Boot

WikiLeaks has just revealed another secret CIA project used to tamper with Windows systems. This time the hacking tool allegedly targets the boot sector of the operating system and then makes it possible to deploy additional malware.

The project, code-named Angelfire, targeted Windows XP and Windows 7 and consisted of 5 different hacking tools that worked together to compromise a system.

First of all, there was Solartime, whose primary goal is to modify the Windows boot sector, loading a second module called Wolfcreek. Wolfcreek contained all the drivers that would allow it to stop running drivers and applications.

A third tool, called Keystone, was developed by the CIA specifically because it allowed its agents to deploy additional malware on infected systems. The fourth tool, according to WikiLeaks, is called BadMFS and could store data in encrypted and obfuscated form.

The last tool is the Windows Transitory File System, which WikiLeaks says was designed as an alternative to BadMFS and whose purpose was to use temporary (RAM) files rather than a file system that stores the information locally (on the hard disk).

WikiLeaks explains that, despite the complex components contained in Angelfire, the hacking tools could be discovered rather easily because of a number of issues that the CIA itself acknowledged in the manuals explaining their use.

For example, Keystone was disguised as a copy of svchost.exe and was always located in C:\Windows\system32. So if the operating system was installed on a different disk, the process could cause malfunctions that would reveal the malicious software.

In addition, the BadMFS file system creates a file named zf, which some users may have come across while working on their systems.

The leaked documents are not dated, but since Angelfire specifically targeted Windows 7 and Windows XP, the project was likely developed before Windows 8 was released in 2012.
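The two weaknesses described above can be turned into a simple triage check. This is an added example, not code from WikiLeaks or from the original article; the function names and all sample process and file entries are constructed, and it assumes a process listing and a file listing have already been collected from the host.

```python
import ntpath  # Windows path rules, usable offline on any OS

# Constructed sample data (not from the leak): (pid, name, image path) as
# collected from a host whose Windows directory is D:\Windows.
SAMPLE_PROCESSES = [
    (612, "svchost.exe", r"D:\Windows\System32\svchost.exe"),
    (980, "svchost.exe", r"C:\Windows\system32\svchost.exe"),
    (1044, "svchost.exe", "d:/windows/system32/SVCHOST.EXE"),
    (2210, "explorer.exe", r"D:\Windows\explorer.exe"),
]
# Constructed file listing; the directories are arbitrary placeholders.
SAMPLE_FILES = [r"E:\export\zf", r"E:\export\zfs.txt", r"E:\other\ZF"]


def _norm(path):
    """Normalise separators, dot segments and case the way Windows compares paths."""
    return ntpath.normcase(ntpath.normpath(path))


def suspicious_svchost(processes, system_root):
    """Return (pid, image) for svchost.exe entries not under <system_root>\\System32.

    The article notes that Keystone always presents itself under
    C:\\Windows\\system32, so on a host installed elsewhere it stands out.
    """
    expected = _norm(ntpath.join(system_root, "System32", "svchost.exe"))
    hits = []
    for pid, name, image in processes:
        if name.lower() != "svchost.exe":
            continue
        if _norm(image) != expected:
            hits.append((pid, image))
    return hits


def files_named_zf(paths):
    """Return paths whose file name is exactly 'zf' (case-insensitive)."""
    return [p for p in paths if ntpath.basename(p).lower() == "zf"]


if __name__ == "__main__":
    for pid, image in suspicious_svchost(SAMPLE_PROCESSES, r"D:\Windows"):
        print(f"svchost.exe outside the real system directory: pid={pid} {image}")
    for path in files_named_zf(SAMPLE_FILES):
        print(f"file named zf, worth a closer look: {path}")
```

On a default C:\Windows installation the path check finds nothing by design, and a file named zf is only a lead to investigate, not proof of infection.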

The current leak is part of a larger series called Vault 7.

Recall that WikiLeaks has been releasing documents in the Vault 7 series since March 7, 2017, exposing more and more CIA tools.

Year Zero: CIA exploits popular hardware and software.
Weeping Angel: the spy tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
Dark Matter: exploits targeting iPhones and Macs.
Marble: the source code of a secret anti-forensic framework. It is basically an obfuscator that the CIA uses to hide the real source of malware.
Grasshopper: a framework that allows the intelligence service to easily create custom malicious software to breach Microsoft Windows and bypass any virus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena: designed to acquire full control over infected Windows computers, allowing the CIA to perform many functions on the target machine, such as deleting data, installing malicious software, stealing data and sending it to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo: a tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware that the CIA uses to determine a specific user's location using their Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: for SSH authentication theft from Windows and Linux respectively
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: malicious spyware and data transfer software from MacOS and Linux

Dumbo: blocks cameras, microphones, and surveillance software.
CouchPotato: CIA tool for stealing streaming video from IP Webcams
ExpressLane: CIA tool to monitor colleagues at the FBI and the NSA
Angelfire: CIA tool that targets the boot sector of earlier Windows versions (7 and XP)


Written by giorgos
