As WikiLeaks continues to extend the leakage from its “Vault 7 cache” of CIA information, its latest release focuses on tools it says the agency uses for hacking Windows computers. While its release didn’t include any source code, manuals described a “Grasshopper” tool used to create custom malware setups depending on the intended target. As CSO Magazine explains, Grasshopper used some elements from the Carberp financial malware that leaked onto the internet in 2013. The CIA’s Advanced Engineering Division and Remote Development Branch allegedly modified that malware, while the Grasshopper setup allows them to customize its ability to persist on the victim’s computer, reinstall itself and evade antivirus scans.
Documents dated 2014 list what antivirus products and configurations Grasshopper could bypass on Windows XP, 7 and 8.1 systems, with varying levels of success. According to a report from Ars Technica, however, this release isn’t as damaging as last week’s drop, which exposed some of the ways CIA developers hide any signs that could tie an attack to their agency.
About WikiLeaks Vault 7
Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, that detail activities and capabilities of the United States Central Intelligence Agency to perform electronic surveillance and cyber warfare. The files, dated from 2013–2016, include details on the agency’s software capabilities, such as the ability to compromise cars, smart TVs, web browsers (including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera Software ASA), and the operating systems of most smartphones (including Apple’s iOS and Google’s Android), as well as other operating systems such as Microsoft Windows, macOS, and Linux.
WikiLeaks started teasing the release of “Vault 7” in early February 2017 with a series of cryptic tweets. On 16 February 2017, WikiLeaks released CIA documents describing how the CIA monitored the 2012 French presidential election. The press release for this leak stated it was published “as context for its forthcoming CIA Vault 7 series.”
On 8 March 2017, US intelligence and law enforcement officials told the international news agency Reuters that they had been aware since late 2016 of the CIA security breach that led to Vault 7. The officials said they were focusing on “contractors” as the likeliest source of the leak.
Source: WikiLeaks / Engadget / Ars Technica