WikiLeaks Brutal Kangaroo: CIA tools for air-gapped computers

WikiLeaks Brutal Kangaroo: WikiLeaks has published more secret CIA documents online describing the service's hacking tools. This time the software described is called Brutal Kangaroo, and it can be used to infect air-gapped computers with malware.

The documents, originally dated 11 May 2015 and revised on 23 February of the following year, describe the Brutal Kangaroo project, which uses infected Windows computers to spread malware to non-networked machines via USB sticks.

The CIA suite published by WikiLeaks replaces earlier tools of the service called EZCheese and Emotional Simian, a kind of cyber-weapon that the US intelligence service used to disseminate Stuxnet.


According to the user guide [PDF], the software consists of four specific applications.

Shattered Assurance is the server-side code that forms the basis of the attack system and infects USB drives that are connected to an infected computer with the Drifting Deadline malware.

Once an infected thumb drive is connected to a computer that uses Windows 7 as its operating system, its contents run automatically. As soon as it runs, on .NET 4.5, Drifting Deadline deploys the Shadow malware on the system.

The Shadow malware is very old software (its user manual [PDF] dates from 31 August 2012) and comes in two versions, client and server. It is highly tailored to specific targets. The operator can configure it to collect system data up to 10% of the system's memory, to watermark all the data it collects, and to store it in an encrypted partition on the infected computer's hard disk.

Once the infection is complete, Shadow will look for other connected systems and infect them. It can be configured to place the stolen data on any new drive installed on the system or send it somewhere if it detects an open internet connection.

The last application in Brutal Kangaroo is Broken Promise, a tool used for easy and fast data processing. Overall, the Brutal Kangaroo suite could be very useful against air-gapped machines, which corporate internal networks typically use for greater security.

There is nothing very strange about the Brutal Kangaroo suite released by WikiLeaks in the Vault 7 file. The software described is something we would expect an intelligence service to use.

As a reminder, WikiLeaks has been releasing documents in the Vault 7 series since 7 March, exposing more and more CIA hacking tools:

"Year Zero": CIA exploits for popular hardware and software.
"Weeping Angel": The spying tool that the service uses to penetrate smart TVs, turning them into disguised microphones.
"Dark Matter": Exploits targeting iPhones and Macs.
"Marble": The source code of a secret anti-forensic framework. It is basically an obfuscator that the CIA uses to hide the real source of malware.
"Grasshopper": A framework that allows the intelligence service to easily create custom malicious software to break into Microsoft Windows and bypass any virus protection.
"Archimedes": A MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
"Scribbles": Software designed to add 'web beacons' to classified documents, to enable the control of leaks from secret .
"Athena": Designed to be able to gain complete control over infected Windows computers, allowing the CIA to perform many operations on the target machine, such as deleting data or installing malware, stealing data and sending it to of CIA.
"CherryBlossom": A tool that monitors a target's internet activity, redirects the program s, traces email addresses and phone numbers and more, through the router.
"Brutal Kangaroo": A tool that can be used to infect air-gapped computers with malware.

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
