OutlawCountry: After ELSA, which according to WikiLeaks is Windows malware the CIA uses to determine the location of a particular user, comes the revelation of OutlawCountry, a different hacking tool that the agency uses on Linux devices.
A user manual leaked by WikiLeaks reveals that the CIA has been using OutlawCountry since at least June 2015. The tool is specifically designed to redirect outbound Internet traffic to other addresses.
In effect, this means CIA agents can monitor the activity of a Linux server. However, for OutlawCountry to be effective, the intelligence service must first obtain root privileges.
In other words, the CIA first has to compromise a Linux system by some other method before OutlawCountry can work.
OutlawCountry
WikiLeaks reports that the first version of OutlawCountry contains a kernel module for CentOS/RHEL 6.x on 64-bit, works only with default kernels, and only supports adding hidden DNAT rules to the PREROUTING chain.
"The malware consists of a kernel module that creates a hidden netfilter table on a Linux target. By knowing the name of the table, the attacker can create rules that override existing netfilter/iptables rules and are hidden from a user or even the system administrator," says WikiLeaks.
The user manual explains exactly how the hacking tool works and reveals that the CIA can remove all traces of the malware as soon as the attack is complete.
“The OutlawCountry tool has a working kernel module for Linux 2.6. The attacker loads the module with a shell on the target. When loaded, the module creates a new netfilter table. The new table allows you to create some rules using the iptables command. These rules take precedence over existing rules and are only visible to an administrator who knows the name of the table. When the attacker removes the kernel module, the new table is also removed.”
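As an added illustration (not from the leaked manual or from WikiLeaks), here is a defender's check for the mechanism described above: a POSIX shell script that compares the netfilter table names the kernel has registered against the stock set. It assumes the hidden table is registered through the standard xtables interface, so that, unlike the default `iptables -L` view of the filter table, it is still listed in /proc/net/ip_tables_names; the expected table list and the sample listing are constructed.

```shell
#!/bin/sh
# Tables a stock CentOS/RHEL 6 x86_64 kernel registers for IPv4.
# Assumption: this is the expected set; adjust it for your own baseline.
EXPECTED_TABLES="filter nat mangle raw security"

# Print each table name in the given listing (default: the live kernel's
# /proc/net/ip_tables_names) that is not in EXPECTED_TABLES.
# A table added by an out-of-tree module still appears in that file even
# though `iptables -L` (which defaults to the filter table) never shows it.
unexpected_tables() {
    listing="${1:-/proc/net/ip_tables_names}"
    [ -r "$listing" ] || return 2
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        found=0
        for t in $EXPECTED_TABLES; do
            [ "$name" = "$t" ] && found=1 && break
        done
        [ "$found" -eq 0 ] && printf '%s\n' "$name"
    done < "$listing"
    return 0
}

# For every unexpected table, dump its rules so an analyst can see what
# they do (for example DNAT rules in PREROUTING that redirect traffic).
# This queries the live kernel, so it needs root.
dump_unexpected() {
    unexpected_tables "$@" | while IFS= read -r tbl; do
        printf '== unexpected netfilter table: %s ==\n' "$tbl"
        iptables -t "$tbl" -S 2>/dev/null || echo "(could not list $tbl)"
    done
}

# --demo runs the check against a constructed listing containing one
# extra table ("secretnat" is a made-up name, not a real indicator).
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    printf 'filter\nnat\nmangle\nraw\nsecurity\nsecretnat\n' > "$tmp"
    unexpected_tables "$tmp"
    rm -f "$tmp"
fi
```

Run it as root without arguments (`dump_unexpected`) on a host you are investigating; any name it prints is worth a look, and so is an unexpected entry in `lsmod`, since the table disappears when the module is unloaded.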
Just as on Windows, Linux users are advised to update their systems promptly to the latest releases and to apply all patches available in the official repositories of their distribution.
WikiLeaks Vault 7
Recall that WikiLeaks has been releasing documents in the Vault 7 series since 7 March, exposing more and more of the CIA's hacking tools.
"Year Zero": the CIA exploits popular hardware and software.
"Weeping Angel": the spying tool the agency uses to penetrate smart TVs, turning them into covert microphones.
"Dark Matter": exploits targeting iPhones and Macs.
"Marble": the source code of a secret anti-forensic framework, essentially an obfuscator the CIA uses to hide the real origin of its malware.
"Grasshopper": a framework that lets the agency easily build custom malware to compromise Microsoft Windows and bypass antivirus protection.
"Archimedes": a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
"Scribbles": software designed to add 'web beacons' to classified documents so that the intelligence services can track leaks.
"Athena": designed to gain complete control over infected Windows computers, allowing the CIA to perform many actions on the target machine, such as deleting data, installing malware, or stealing data and sending it to CIA servers.
"CherryBlossom": a tool that monitors a target's internet activity, redirects the browser, traces email addresses and phone numbers, and more, via the router.
"Brutal Kangaroo": a tool that can be used to infect air-gapped computers with malware.
"ELSA": Windows malware used by the CIA to identify the location of a particular user via the computer's Wi-Fi.