WikiLeaks Release Documents on How CIA Uses 5 Different Malware

WikiLeaks has released a trove of data belonging to the American intelligence agency, the CIA (Central Intelligence Agency). The latest batch shows how the CIA uses five different malware programs to target unsuspecting users.

The malware are called HammerLoss, Regin, HTTPBrowser, NfLog, and Gamker. The documents also show how the CIA used Raytheon Blackbird Technologies, a contractor for the agency's Remote Development Branch (RDB).

The nightmarish revelations from Julian Assange are far from over, and the latest batch of documents released after Vault 7 has startling new information about the CIA's ability to hack and infiltrate its targets. The data includes reports from experts about how various malware programs owned and used by the CIA are deployed and how these programs function. In total, there are five files.

This new batch of files is dubbed UCL/Raytheon and contains documents maintained by Raytheon Blackbird Technologies. The firm is a contractor for the Remote Development Branch (RDB) of the CIA and is believed to be its Technology Scout.

As per WikiLeaks, Raytheon was given the responsibility of “analyzing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their malware projects.”

The UCL/Raytheon leaks provide information about the CIA's use of different malware programs between 2014 and 2015. The files contain information about tools produced by the Hacking Team and about how the HammerLoss malware from Russia was distributed using Twitter.

The first file explains how Emissary Panda, a China-based group, created the HTTPBrowser remote access tool (RAT). Another file explains how Samurai Panda developed and used the IsSpace RAT, which is based on NfLog and inspired by Hacking Team's tools.

There is also information about the data-collection malware Regin, also called Stealthy Surveillance, about the Gamker Trojan, and about HammerLoss. The purpose of HammerLoss is to "leverage Twitter and GitHub accounts" and to compromise websites as well as cloud storage in order to set up command-and-control infrastructure for conducting a successful hack attack.

According to the WikiLeaks press release: "They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors – partly based on public documents from security researchers and private enterprises in the computer security field."

Vault 7 documents previously leaked by WikiLeaks:

BothanSpy and Gyrfalcon: Steal SSH credentials from Linux & Windows devices
OutlawCountry and ElsaMalware: Target Linux devices and track user geo-location
Brutal Kangaroo: CIA hacking tools for hacking air-gapped PCs
Cherry Blossom: CherryBlossom & CherryBomb, infecting WiFi routers for years
Pandemic: A malware hacking Windows devices
AfterMidnight and Assassin: CIA remote control & subversion malware hacking Windows
Dark Matter: CIA hacking tool infiltrating iPhones and MacBooks
Athena: A malware targeting the Windows operating system
Archimedes: A program helping the CIA to hack computers inside a Local Area Network
HIVE: CIA implants to transfer exfiltrated information from target machines
Grasshopper: Malware payloads for Microsoft Windows operating systems
Marble: A framework used to hamper antivirus companies from attributing malware
Dark Matter: A CIA project that infects Apple Mac firmware
Highrise Android Malware: An app called TideCheck employed by the CIA to target Android devices


Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering the latest happenings in the cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.