Friday, 28 July 2017

WikiLeaks Vault 7: New CIA Exploit Tools For Mac OS And Linux Published


This release covers three hacking tools: Achilles, SeaPea and Aeris.

WikiLeaks published two new exploit tools for the Mac and Linux operating systems, belonging to a CIA project codenamed Imperial. The project targets Macs, Debian, Red Hat, Solaris, FreeBSD and CentOS.

WikiLeaks has published documents from the CIA's 'Imperial' project.

Achilles is a capability that gives an operator the ability to trojan an OS X disk image (.dmg) installer with one or more operator-specified executables for one-time execution.

Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, a configurable beacon interval and jitter, standalone and Collide-based HTTPS listening post (LP) support and SMTP protocol support, all with TLS-encrypted communications and mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control similar to that used by several Windows implants.

SeaPea is an OS X rootkit that provides stealth and tool-launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OS X 10.6 and 10.7.

Previous #Vault7 Leaks

UCL / Raytheon: Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.

HighRise: HighRise is an Android application designed for mobile devices running Android 4.0 to 4.3. It provides a redirector function for SMS messaging that could be used by a number of IOC tools that use SMS messages for communication between implants and listening posts. HighRise acts as an SMS proxy that provides greater separation between devices in the field ("targets") and the listening post (LP) by proxying "incoming" and "outgoing" SMS messages to an internet LP. HighRise provides a communications channel between the HighRise field operator and the LP over a TLS/SSL-secured internet connection.
