WikiLeaks Reveal CIA Credentials Malware

WikiLeaks recently dumped the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH (Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer) credentials from Windows and Linux systems, respectively.

Both tools are "implants," a term the CIA uses to describe malware payloads. Once installed through various means on a target's computer, these two implants hook into SSH-related processes and steal credentials or session traffic, where possible.

BothanSpy targets Windows
The first, BothanSpy, was designed for Windows computers. According to a manual dated in March 2015, the malware will hook into the process of Xshell, a Windows SSH client.
BothanSpy will use this access to steal user credentials for all active SSH sessions. This data can be sent right away to a remote server, or stored on disk in an encrypted file.

Gryfalcon targets Linux
The second, Gyrfalcon, is an implant for Linux systems. According to a 27-page manual dated in November 2013, this malware can target distros such as RHEL, Ubuntu, Suse, Debian, and CentOS.
Gryfalcon works by targeting the OpenSSH client, from where it can extract user credentials for active SSH sessions and full or partial OpenSSH session traffic. The stolen data is saved locally into an encrypted file, and is exfiltrated at a later date.
CIA operatives need root privileges to install Gryfalcon, but the tool itself can operate from a regular account.

The dump is part of a larger series called Vault 7 contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders. 

Bleeping Computer

You  Might Also Read:

Prices For Stolen NSA Exploits Go Higher:

WikiLeaks Releases More Info On CIA Malware:

Snowden: NSA Should Have Prevented WannaCry Attacks:

 

 

« Biometric Products Can Help Cybersecurity
US Marines Embrace Cyber Warfare »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

Mastercard

Mastercard

MasterCard is a leading global payments solutions company that serves consumers and businesses in over 210 countries and territories worldwide.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

Sasa Software

Sasa Software

Sasa Software is a cybersecurity software developer specializing in the prevention of file-based network attacks.

Cybero

Cybero

Cybero offers professional corporate cybersecurity training tailored to your business requirements.

Metro Systems

Metro Systems

Metro Systems offer fully integrated IT solutions & services covering Digital Transformation, Digital Infrastructure, Cyber Security and Training.

Lineal Services

Lineal Services

Lineal supports clients in meeting their digital forensics, cyber security and eDiscovery needs by providing bespoke solutions to complex problems.

BioConnect

BioConnect

BioConnect provide biometric access control solutions to verify a person’s identity across physical, IOT and digital applications.

National CyberWatch Center

National CyberWatch Center

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

Tapestry Technologies

Tapestry Technologies

Tapestry Technologies supports the Department of Defense in shaping its approach to cybersecurity.

ESC - Enterprise Security Center

ESC - Enterprise Security Center

ESC is a system house specializing exclusively in IT security - Security Implementation & Optimization, Operations, Managed Security Services.

Automation Workz

Automation Workz

Automation Workz has been ranked as a top 10 Cybersecurity Bootcamp in the US by Career Karma.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Curatrix Technologies

Curatrix Technologies

Curatrix Technologies is a Managed IT Service provider based in Hampshire, UK, providing high quality and reliable Managed IT Services since 2015.

CyBourn

CyBourn

Cybourn's diverse offerings include engineering, analysis, product development, assessment, and advisory services in the cybersecurity space.