CIA Colluded with Tech to Develop Malware - WikiLeaks
According to the leaked documents, the CIA contractor Raytheon Blackbird Technologies submitted five reports to the CIA as part of the UMBRAGE Component Library. These reports detailed proof-of-concept ideas and malware attack vectors that had been publicly described by security analysts and researchers and covertly developed by cyber-espionage hacking groups.
The reports submitted by Raytheon were allegedly meant to help the CIA's Remote Development Branch (RDB) gather ideas for building its own advanced malware projects.
An earlier Vault 7 release had already described how the CIA's UMBRAGE malware development team reuses code from publicly available sources to build its own malware projects.
RAT – Raytheon analysts reported on a CIA RAT (Remote Access Tool) project that detailed a variant of the HTTPBrowser RAT, probably developed in March 2015 and designed to record keystrokes on the targeted system. This variant was used by the Chinese Emissary Panda hackers and mainly targeted Windows operating systems.
Regin – An exceptionally sophisticated piece of malware that has been seen in operation since 2013 and is intended mainly for surveillance and data collection.
Regin is believed to have been developed by the US intelligence agency NSA. A cyber-espionage tool, it is said to be more complex than both Stuxnet and Duqu.
Regin uses a modular approach that lets its operators enable customised surveillance. It was designed for persistent, long-term spying against targets.
According to the leaked document, the Stage 4 module injects code into services.exe, but no details are given about the techniques or APIs used.
HammerToss – The report details a suspected Russian state-sponsored malware sample called "HammerToss," which was discovered in early 2015. Security analysts believe it had been operational since late 2014.
The interesting part of HammerToss is its architecture, which leverages cloud storage to coordinate command-and-control functions and execute commands on the targeted system.
Gamker – An information-stealing Trojan. The Vault 7 CIA leak describes the self-code-injection and API-hooking methods of Gamker. Gamker decrypts and then drops a copy of itself under a random filename and injects it into another process.
NfLog – Vault 7 also details an NfLog Remote Access Tool (RAT) variant known as IsSpace, used by another Chinese hacking group called Samurai Panda. The malware used the Adobe Flash exploit CVE-2015-5122 and a UAC bypass technique. It even bypasses the Windows Firewall to sniff proxy credentials.
A couple of weeks earlier, Vault 7 revealed the CIA's Highrise project, which would enable the agency to collect stolen data from compromised mobile phones and forward it to its servers via SMS. Since March 2017, WikiLeaks has released 17 reports, including the following.
BothanSpy and Gyrfalcon – Two alleged CIA implants that enabled the agency to capture and exfiltrate SSH credentials from targeted Windows and Linux operating systems using different attack strategies.
OutlawCountry – An alleged CIA project that enabled it to hack and remotely spy on computers running Linux operating systems.
ELSA – CIA malware that tracks the geo-location of computers running Windows and connected through Wi-Fi.
Brutal Kangaroo – A hacking tool designed to compromise air-gapped networks using USB pen drives.
Cherry Blossom – Another piece of malware intended to compromise wireless network devices using MITM attacks.
Pandemic – A CIA project that, once installed on a victim's machine, replaces target files that remote users download over SMB.