The latest Vault 7 documents released by WikiLeaks disclose the techniques the CIA is using to infect so-called “air-gapped” PCs. They expose malware that uses a USB stick to target computers that are not connected to the internet.
These hacking methods, exposed by Julian Assange’s WikiLeaks on Thursday, exploit vulnerabilities similar to those used in the Stuxnet attacks. Those attacks were planned by the US and Israel to infect nuclear plants in Iran, and they also used thumb drives to reach critical systems.
An array of manuals was included in the “Brutal Kangaroo” leak that WikiLeaks exposed from the CIA information office. A user guide released in February 2016 gives an overview of these attacks, showing the workings of the “Drifting Deadline” malware, which is part of the Brutal Kangaroo suite. This malware was designed to first infect a PC and then any thumb drive plugged into it. Whenever the victim moves this USB stick to a non-connected (air-gapped) computer, the malware infection spreads.
Finally, the software named Shadow could “create a custom covert network within the target closed network,” which the CIA could use to carry out further attacks and tracking activities.
This kind of attack could exploit vulnerabilities that let the infection spread as soon as a user opens the files on the thumb drive in Windows Explorer. The user only needs to browse these files to get infected, as explained by an independent researcher going by the name xorz. That specific part of the Brutal Kangaroo attack suite was similar to the one used by Stuxnet. In this attack, the infection was transferred through malicious .lnk files.
Therefore, CIA malware could target the disconnected PCs used by terrorists and industrial groups, said xorz.
Is Microsoft Working With Wikileaks?
Since February 2016, Microsoft has been releasing updates so that users can patch the security flaws in Windows. One security update was also released this month. However, it is hard to believe that the CIA has not developed new execution vectors since the security patches for the Giraffe and Okabi vectors were implemented.
After WikiLeaks released the Vault 7 documents in April this year, it vowed to help software vendors patch the reported issues. Yet it is still unclear whether the .lnk issues Microsoft resolved in the past few months are linked to Brutal Kangaroo.
This release is part of the extensive Vault 7 collection, which WikiLeaks claims was stolen by CIA hackers and insiders. However, WikiLeaks initially mentioned a few details in the Vault 7 document series released earlier this year.
About the Author
Zehra Ali is a Tech Reporter and Journalist. She has done her Masters in Mass Communication. Topics related to cybersecurity, IoT, AI, Big Data and other privacy matters are extensively covered by her on various platforms. You can follow her on twitter.