WikiLeaks Brutal Kangaroo: WikiLeaks has published more classified CIA documents online that describe the agency's hacking tools. This time the software described is referred to as Brutal Kangaroo, and it can be used to infect air-gapped computers with malware.
The documents, originally dated 11 May 2015 and revised on 23 February of the following year, describe the Brutal Kangaroo project, which uses infected Windows computers to spread malware to non-networked machines via USB sticks.
The CIA suite released by WikiLeaks replaces earlier agency tools called EZCheese and Emotional Simian, the kind of cyber-weapon US intelligence used to spread Stuxnet.
According to the user guide [PDF], the software consists of four distinct applications.
Shattered Assurance is the server-side code that forms the basis of the attack system; it infects USB disks that are connected to an already compromised computer with the Drifting Deadline malware.
Once an infected thumb drive is connected to a computer running Windows 7, it automatically executes its contents. Provided .NET 4.5 is present, Drifting Deadline then plants the Shadow malware on the system.
Shadow is considerably older software (its user manual [PDF] is dated August 31, 2012) and comes in client and server versions. It is well designed for its specific purpose. The operator can configure it to collect system data up to 10% of system memory, watermark all the data it collects, and store it in an encrypted partition on the hard drive of the infected computer.
Once the infection is complete, Shadow will look for other connected systems and infect them. It can be configured to copy the hijacked data onto any new drive attached to the system, or to transmit it elsewhere if it detects an open Internet connection.
The last application in Brutal Kangaroo is Broken Promise, a tool for easy and fast processing of the collected data. Overall, the Brutal Kangaroo suite could be very useful for compromising air-gapped machines, which corporate internal networks typically rely on for greater security.
There is nothing very strange about the Brutal Kangaroo suite released by WikiLeaks as part of the Vault 7 files. The software described is what one would expect an intelligence service to use.
As a reminder, WikiLeaks has been releasing documents in the Vault 7 series since 7 March, exposing more and more CIA hacking tools:
"Year Zero": CIA exploits for popular hardware and software.
"Weeping Angel": the spying tool the agency uses to compromise smart TVs, turning them into covert microphones.
"Dark Matter": exploits targeting iPhones and Macs.
"Marble": the source code of a secret anti-forensic framework. It is basically an obfuscator that the CIA uses to hide the real origin of its malware.
"Grasshopper": a framework that allows the intelligence service to easily create custom malware to compromise Microsoft Windows and bypass antivirus protection.
"Archimedes": a MitM attack tool allegedly created by the CIA for targeting computers within a local network (LAN).
"Scribbles": a piece of software designed to add "web beacons" to classified documents so that the agency can monitor leaks.
"Athena": designed to gain complete control over infected Windows computers, allowing the CIA to perform many operations on the target machine, such as deleting data or installing malware, and to steal data and send it to CIA servers.
"CherryBlossom": a tool that, through the router, tracks a target's online activity, redirects the browser, harvests e-mail addresses and phone numbers, and more.
"Brutal Kangaroo": a tool that can be used to infect air-gapped computers with malware.