CIA Malware Unveiled

Uploaded on 2017-08-02 in NEWS-Cybersecurity News, INTELLIGENCE--USA, FREE TO VIEW

Since early 2017, whistleblower website WikiLeaks has been publishing secret CIA documents and the malware used by them to take control of all sort of electronic devices.

In the ongoing Vault 7 series, WikiLeaks has recently published documents from CIA contractor Raytheon Blackbird Technologies.

The leaked documents were submitted to the CIA between 21st Nov 2014 and 11th Sep 2015. The documents submitted by Raytheon contained proof-of-concept assessments for malware attack vectors. It should be noted that Raytheon acted as a technology scout for CIA’s Remote Development Branch (RDB). The scout made recommendations to the CIA teams for further research and malware development.

So the 5 CIA-Raytheon malware described in the leaked documents:

1. HTTPBrowser RAT

The first document gives an introduction to a new variant of the HTTPBrowser Remote Access Tool (RAT). The malware’s dropper has a zip file that contains 3 files. This RAT captures keystrokes and writes it to a file. It continuously talks to the C&C (command and control) server in clear text communications.

2. NfLog

NfLog RAT is also known as IsSpace. This new malware variant is deployed using the leaked Hacking Team Adobe Flash exploit which uses CVE 2015-5122. For C&C communications, NfLog also uses the Google App Engine. By using UAC bypass technique, it attempts UAC bypass and privilege escalation on Windows operating system.

3. Reign

Reign is a sophisticated malware sample that has been in use as early as 2008, with its new iteration appearing in 2013. What makes Reign special is its modular architecture that grants flexibility to the attackers.

It also features the capability to hide itself from detection. The attack via Reign is carried out in 5 stages, with the last granting functionalities like file system access, networking, event logging, port loading, rootkit functions, etc.

4. HammerToss

HammerToss is probably a Russian-sponsored malware. It leverages compromised websites, GitHub, Twitter accounts, and cloud storage for taking care of the C&C functions. Written in C#, HammerToss uses a dedicated program to create new Twitter accounts and use them to execute commands and get the data uploaded by the victim.

5. Gamker

Gamker is an information stealing Trojan that uses the process of self-code injection to make sure that nothing is written to disk. Gamker is also able to gain some obfuscation characteristics by using Assembly language instruction in hooking routine.

FossBytes.com:

You Might Also Read: 

WikiLeaks Reveal CIA Credentials Malware:

CIA Silent about Wikileaks Agency Files:

 

« Data Scientists Remain Top Of ‘most wanted’ Employees
5G Wireless Technology - Enabling Mobile-Only Networking »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CybergymIEC

CybergymIEC

CybergymIEC is a global leader in cyber defense solutions and training services.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Mnemonica

Mnemonica

Mnemonica specializes in providing data protection system, information security compliance solutions, cloud and managed services.

Destel

Destel

Destel is a system integrator and provider of IT services focused on Advanced Network & Security Solutions.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Leidos

Leidos

Leidos is a recognized leader in cybersecurity across the federal government, bringing more than a decade of experience defending cyber interests globally.

INVISUS

INVISUS

INVISUS protects businesses against the latest cyber risks – including business and employee identity theft, data breaches, and cybersecurity compliance.

Zemana

Zemana

Zemana provides innovative cyber-security solutions to deal with complex malicious software and other cyber threats.

Pratum

Pratum

Pratum is an information security services firm that helps clients solve challenges based on risk, not fear.

SandboxAQ

SandboxAQ

SandboxAQ is an enterprise SaaS company combining AI + Quantum tech to solve hard problems impacting society.

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

JLS Technology

JLS Technology

Since 2007, JLS Tech has been recognized as one of the world’s most innovative cybersecurity and technology operations leaders.

Opkalla

Opkalla

We started Opkalla because we believe IT professionals deserve better. We help our clients navigate the confusion in the marketplace and choose the solution that is right for your business.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!

CarbonHelix

CarbonHelix

CarbonHelix provides cybersecurity services from US-based security operations centers that meet the highest compliance requirements.

Aprio

Aprio

Aprio is a premier business advisory and accounting firm. We deliver advisory, tax, managed, and private client services to build value, drive growth, manage risk, and protect wealth.