WikiLeaks Vault 7: Pandemic

Pandemic: WikiLeaks has released new documents in the Vault 7 series. This time they describe in detail a tool that the CIA uses to deploy malicious software on the networks of targeted organizations, services, or companies.

It is called "Pandemic," and it can install a filter driver on a system in a network, replacing legitimate files with a malicious payload remotely via the SMB (Server Message Block) protocol.

"Pandemic does NOT make any physical changes to the targeted file on disk. The targeted file on the system where Pandemic is installed remains unchanged. Users targeted by Pandemic who use SMB to download the targeted file receive the 'replacement file'," the tool description states.

This makes the tool very interesting, since infected systems are particularly difficult to locate. Pandemic replaces files during transfer instead of modifying them on the device, so the legitimate file on disk remains unchanged.
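Because the stored file never changes, a check run only on the file server sees nothing wrong; the comparison that matters is between the bytes on disk and the bytes a client receives over the share. The following is an added example, not code from the leaked documents or from this article: the function names are hypothetical, and two temporary directories (constructed sample data) stand in for the server's local view and for the share as a client would mount it, for example a UNC path.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 1 << 20) -> str:
    """Stream a file through SHA-256 so large binaries do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(local_root: Path) -> dict[str, str]:
    """Run on the file server itself: hash every file as stored on disk."""
    return {
        p.relative_to(local_root).as_posix(): sha256_file(p)
        for p in sorted(local_root.rglob("*")) if p.is_file()
    }


def compare_with_share(manifest: dict[str, str], share_root: Path) -> dict[str, str]:
    """Run on a client: hash what the share delivers and report differences."""
    findings = {}
    for rel_path, expected in manifest.items():
        served = share_root / rel_path
        if not served.is_file():
            findings[rel_path] = "missing"
        elif sha256_file(served) != expected:
            findings[rel_path] = "mismatch"
    return findings


def demo() -> dict[str, str]:
    """Constructed sample: two temp directories model disk view and share view."""
    with tempfile.TemporaryDirectory() as tmp:
        disk, share = Path(tmp, "disk"), Path(tmp, "share")
        for root in (disk, share):
            (root / "tools").mkdir(parents=True)
            (root / "tools" / "setup.exe").write_bytes(b"original installer bytes")
            (root / "readme.txt").write_bytes(b"unchanged")
        # Model a client that receives different bytes than the server stores.
        (share / "tools" / "setup.exe").write_bytes(b"different bytes in transit")
        return compare_with_share(build_manifest(disk), share)


if __name__ == "__main__":
    print(demo())  # lists the one file whose served bytes differ from disk
```

The article does not say how the tool selects which clients get the replacement, so a clean result from one client is evidence only for that client.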

Pandemic is designed to work on 32-bit and 64-bit Windows systems and is initially installed on machines from which users download and execute remote files. The files released by WikiLeaks show that up to 20 files can be replaced at a time, with a maximum size of 800 Mb.

"As the name suggests, a single computer on a local network with shared drives infected with the Pandemic implant will act as patient zero in the spread of a disease. It will infect the remote computers if the user runs ."

The documents explicitly state that it is technically possible, "remote computers that provide file shares are automatically converted to new Pandemic file servers on a local network to achieve infections on new targets," WikiLeaks reported.

The new leaks even contain information on how to test whether a system is infected by Pandemic.

As a reminder, WikiLeaks has been releasing documents in the Vault 7 series since 7 March, exposing more and more CIA hackers.

"Year Zero": the CIA is using popular hardware and software.
"Weeping Angel": the spying tool used to infiltrate smart TVs, turning them into hidden microphones.
"Dark Matter": exploits targeting iPhones and Macs.
"Marble": the source code of a secret anti-forensic framework. It is essentially an obfuscator that the CIA uses to hide the real source of malware.
"Grasshopper": a framework that allows the intelligence service to easily create custom malware to breach Microsoft Windows and bypass any protection from viruses.
"Archimedes": a MitM attack tool allegedly created by the CIA for targeting computers within a local area network (LAN).
"Scribbles": a piece of software designed to add "web beacons" to classified documents to allow intelligence services to monitor leaks.
"Athena": designed to be able to gain complete control over infected Windows computers, allowing the CIA to perform many operations on the target machine, such as deleting or installing malware, stealing data and sending it to CIA servers.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos