WikiLeaks Release Shows How CIA & Raytheon Use Its Malware

WikiLeaks Release Documents on How CIA Uses 5 Different Malware

Written by Waqas for hackread.com

WikiLeaks has released a trove of data belonging to the American intelligence agency CIA (Central Intelligence Agency). The latest batch shows how the CIA uses five different malware families to target unsuspecting users.

These malware families are called HammerToss, Regin, HTTPBrowser, NfLog, and Gamker. The documents also show how the CIA used Raytheon Blackbird Technologies, a contractor for the Remote Development Branch (RDB) of the CIA.

The nightmarish revelations from Julian Assange are far from over, and the latest batch of documents released after Vault 7 contains startling new information about the CIA’s ability to hack and infiltrate its targets. The data includes reports from experts on how various malware programs owned and used by the CIA are deployed and how these programs function. In total, there are five files.

This new batch of files is dubbed UCL/Raytheon and contains documents maintained by Raytheon Blackbird Technologies. The firm is a contractor for the Remote Development Branch (RDB) of the CIA and is believed to act as its technology scout.

As per WikiLeaks, Raytheon was given the responsibility of “analyzing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their malware projects.”

The UCL/Raytheon leaks provide information about the CIA’s use of different malware programs between 2014 and 2015. The files contain information about tools produced by the Hacking Team and about how the HammerToss malware from Russia was distributed using Twitter.

The first file explains how Emissary Panda, a China-based group, created the HTTPBrowser remote access tool (RAT). The other file explains how Samurai Panda developed and used the Hacking Team-inspired, NfLog-based IsSpace RAT.

There is also information about the data-collection malware Regin (also called Stealthy Surveillance), the Gamker Trojan, and HammerToss. The purpose of HammerToss is to “leverage Twitter and GitHub accounts”, compromised websites and cloud storage to set up command-and-control infrastructure for conducting a successful attack.

According to the WikiLeaks press release: “They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors – partly based on public documents from security researchers and private enterprises in the computer security field.”

RELEASE: CIA-Raytheon analysis of #FireEye report on Twitter powered suspected Russian state malware #HammerToss https://t.co/RNJnNGo4c0

— WikiLeaks (@wikileaks) July 19, 2017

Vault 7 documents previously leaked by WikiLeaks

- BothanSpy and Gyrfalcon: Steal SSH credentials from Linux & Windows devices
- OutlawCountry and Elsa: Malware targeting Linux devices and tracking user geo-location
- Brutal Kangaroo: CIA hacking tools for hacking air-gapped PCs
- Cherry Blossom: CherryBlossom & CherryBomb: Infecting WiFi routers for years
- Pandemic: Malware hacking Windows devices
- AfterMidnight and Assassin: CIA remote control & subversion malware hacking Windows
- Dark Matter: CIA hacking tool infiltrating iPhones and MacBooks
- Athena: Malware targeting the Windows operating system
- Archimedes: A program helping the CIA hack computers inside a Local Area Network
- HIVE: CIA implants to transfer exfiltrated information from target machines
- Grasshopper: Malware payloads for Microsoft Windows operating systems
- Marble: A framework used to hamper antivirus companies from attributing malware
- Dark Matter: A CIA project that infects Apple Mac firmware
- Highrise Android Malware: An app called TideCheck employed by the CIA to target Android devices
