WikiLeaks Reveal CIA Credentials Malware

WikiLeaks recently dumped the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH (Secure Socket Shell, a network protocol that gives administrators a secure way to access a remote computer) credentials from Windows and Linux systems, respectively.

Both tools are "implants," a term the CIA uses to describe malware payloads. Once installed through various means on a target's computer, these two implants hook into SSH-related processes and steal credentials or session traffic, where possible.

BothanSpy targets Windows
The first, BothanSpy, was designed for Windows computers. According to a manual dated March 2015, the malware hooks into the process of Xshell, a Windows SSH client.
BothanSpy will use this access to steal user credentials for all active SSH sessions. This data can be sent right away to a remote server, or stored on disk in an encrypted file.

Gyrfalcon targets Linux
The second, Gyrfalcon, is an implant for Linux systems. According to a 27-page manual dated November 2013, this malware can target distros such as RHEL, Ubuntu, SUSE, Debian, and CentOS.
Gyrfalcon works by targeting the OpenSSH client, from which it can extract user credentials for active SSH sessions and full or partial OpenSSH session traffic. The stolen data is saved locally in an encrypted file and exfiltrated at a later date.
CIA operatives need root privileges to install Gyrfalcon, but the tool itself can operate from a regular user account.

The dump is part of a larger series called Vault 7, which contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders.

Bleeping Computer
