CIA Malware Unveiled

Since early 2017, the whistleblower website WikiLeaks has been publishing secret CIA documents and the malware the agency uses to take control of all sorts of electronic devices.

In the ongoing Vault 7 series, WikiLeaks has recently published documents from CIA contractor Raytheon Blackbird Technologies.

The leaked documents were submitted to the CIA between 21st Nov 2014 and 11th Sep 2015. The documents submitted by Raytheon contained proof-of-concept assessments for malware attack vectors. It should be noted that Raytheon acted as a technology scout for CIA’s Remote Development Branch (RDB). The scout made recommendations to the CIA teams for further research and malware development.

These are the 5 CIA-Raytheon malware samples described in the leaked documents:

1. HTTPBrowser RAT

The first document introduces a new variant of the HTTPBrowser Remote Access Tool (RAT). The malware’s dropper carries a zip file containing 3 files. The RAT captures keystrokes and writes them to a file, and it talks continuously to its C&C (command and control) server in clear text.

2. NfLog

The NfLog RAT is also known as IsSpace. This new variant is deployed using the leaked Hacking Team Adobe Flash exploit for CVE-2015-5122. For C&C communications, NfLog also uses the Google App Engine. On Windows it attempts a UAC (User Account Control) bypass in order to escalate privileges.

3. Regin

Regin is a sophisticated malware sample that has been in use since as early as 2008, with a new iteration appearing in 2013. What makes Regin special is its modular architecture, which gives the attackers flexibility.

It is also able to hide itself from detection. An attack via Regin is carried out in 5 stages, with the last stage providing functionality such as file system access, networking, event logging, port loading, rootkit functions, etc.

4. HammerToss

HammerToss is probably a Russian-sponsored malware. It leverages compromised websites, GitHub, Twitter accounts, and cloud storage to handle its C&C functions. Written in C#, HammerToss uses a dedicated program to create new Twitter accounts, then uses those accounts to issue commands and retrieve the data uploaded from the victim.

5. Gamker

Gamker is an information-stealing Trojan that injects its own code into processes so that nothing is written to disk. Gamker also gains some obfuscation by using assembly-language instructions in its hooking routine.

FossBytes.com:
