ELSA: New CIA Tool Revealed By Wikileaks Which Was Used To Track PCs Via WI-Fi.
Wikileaks released latest Vault7 series of CIA Hacking tools. ELSA, the malware used to track Wi-Fi enabled devices on running Microsoft Windows operating system. ELSA allows to gather location data on the victim device and able to monitor remotely.
"WikiLeaks publishes documents from the ELSA project of the CIA. ELSA is a Geo-location malware for WiFi-enabled devices like laptops running the Microsoft Windows operating system. Once persistently installed on a target machine using separate CIA exploits, the malware scans visible WiFi access points and records the ESS identifier, MAC address and signal strength at regular intervals. To perform the data collection the target machine does not have to be online or connected to an access point; it only needs to be running with an enabled WiFi device.
If it is connected to the internet, the malware automatically tries to use public Geo-location databases from Google or Microsoft to resolve the position of the device and stores the longitude and latitude data along with the timestamp. The collected access point/geo-location information is stored in encrypted form on the device for later exfiltration. The malware itself does not beacon this data to a CIA back-end; instead the operator must actively retrieve the log file from the device - again using separate CIA exploits and backdoors.
The ELSA project allows the customization of the implant to match the target environment and operational objectives like sampling interval, maximum size of the logfile and invocation/persistence method. Additional back-end software (again using public geo-location databases from Google and Microsoft) converts unprocessed access point information from exfiltrated logfiles to Geo-location data to create a tracking profile of the target device."
RELEASE: CIA 'ELSA' malware can geolocate your Windows laptop or desktop by listening to surrounding WiFi signals https://t.co/XjyyXIqXAz pic.twitter.com/WCw6dgF9ql— WikiLeaks (@wikileaks) June 28, 2017
RELEASE: CIA 'ESLA' implant to track the location of laptops by intercepting the surrounding WiFi signals https://t.co/XjyyXIqXAz pic.twitter.com/WwMnh9Qxvp— WikiLeaks (@wikileaks) June 28, 2017
Last week Wikileaks Published Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumb drives. Brutal Kangaroo components create a custom covert network within the target closed network and providing functionality for executing surveys, directory listings, and arbitrary executable.