WikiLeaks Hive: release of the CIA's source code has begun

WikiLeaks has published the first batch of source code for the CIA cyber-weapons. The source code released today is called Hive and is an implant framework that allows CIA operatives to control the malware they install on their victims' computers.

From March to August 2017, WikiLeaks only released documentation about the CIA's alleged cyberweapons. Recall that WikiLeaks claims that these files were stolen from the CIA by hackers and insiders.

All of these revelations were part of a series of WikiLeaks leaks called Vault 7. According to the website, Hive, released today, is the first in a long series of similar releases, called Vault 8.

The series will consist of the source code of the tools announced in the Vault 7 series.

The WikiLeaks announcement, along with the Shadow Brokers leaks, has caused a stir among infosec experts around the world, as some of the tools have already been integrated into many malware families and have been at the center of three major ransomware outbreaks in 2017: WannaCry, NotPetya and Bad Rabbit.

The tools included in Hive do not appear to pose an immediate risk to end users, as they cannot be used to compromise today's computers. But they could be used to build a basic infrastructure for delivering and controlling other, more powerful threats.

If WikiLeaks released the source code of all the tools listed in Vault 7, things could get a lot worse for everyone.

For example, tools like Achilles, Aeris, SeaPea, DarkSeaSkies, Archimedes, Brutal Kangaroo, or CherryBlossom are very serious cyber-weapons that could be integrated into various existing malware families and hacking tools. Hopefully WikiLeaks will proceed with caution and not release tools that can be modified to cause another WannaCry-style ransomware outbreak.

Below is a list of the most important CIA cyber-weapons released by WikiLeaks as part of the Vault 7 series.

Year Zero: CIA exploits popular hardware and software.
Weeping Angel: spyware that the service uses to infiltrate smart TVs, turning them into hidden microphones.
Dark Matter: targeting iPhones and Macs.
Marble: the source code of a secret anti-forensic framework. It is basically an obfuscator that the CIA uses to hide the real source of malware.
Grasshopper: a framework that allows the information service to easily create custom malicious software to violate Microsoft Windows and bypass any virus protection.
Archimedes: a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
Scribbles: a software designed to add 'web beacons' to classified documents to allow intelligence to monitor leaks.
Athena: designed to gain complete control over infected Windows computers, allowing the CIA to perform many operations on the target machine, such as deleting data, installing malware, or stealing data and sending it to CIA servers.
CherryBlossom: a tool that tracks the online activity of a target, redirects the browser, crawls e-mail addresses and phone numbers, and more through the router.
Brutal Kangaroo: a tool that can be used to infect air-gapped computers with malware.
ELSA: Windows malware used by the CIA to identify the location of a particular user using his computer's Wi-Fi.
OutlawCountry: Linux malware that the CIA uses to determine the location of a particular user using its computer's Wi-Fi.
BothanSpy - Gyrfalcon: tools for stealing SSH credentials from Windows and Linux, respectively.
HighRise: the CIA tool for tracking and redirecting SMS messages to a remote server.
Achilles, Aeris and SeaPea: malicious spyware and software for transferring data from macOS and Linux systems.
Dumbo: blocks cameras, microphones, and surveillance software.
CouchPotato: CIA tool for stealing streaming video from IP Webcams
ExpressLane: CIA tool to monitor colleagues at the FBI and the NSA
Angelfire: CIA tool to boot earlier Windows (7 and XP)

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
