In the beginning of March, WikiLeaks started their new (and very popular) series of leaks dubbed “Vault 7”. To date, Vault 7 is the largest publication of classified documents from the U.S. Central Intelligence Agency.
The first part of the series, dubbed “Year Zero”, is filled with ample amounts of data alone.
“[Year Zero] comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virginia. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.”
Just recently, WikiLeaks released another part of the series in the form of a user manual filled with hacking tools belonging to the CIA. The specialty of the tools is infecting air-gapped PCs through USB drives. The set of tools is called Brutal Kangaroo.
The tools included in Brutal Kangaroo make it possible to obtain classified data from targeted networks. These tools are Drifting Deadline, Shattered Assurance, Shadow, and Broken Promise. The process/execution is also fairly simple.
Starting out, the operator of Brutal Kangaroo can utilize Drifting Deadline to produce and insert malware. They can then use that malware in a two-staged procedure of infecting air-gapped systems.
“Initially, the attacker, or in this case the CIA, can infect a targeted computer called the primary host. The malware is injected into this PC and when a user inserts a USB drive into it, the malware, through Shattered Assurance generates a more powerful virus and loads it in the USB.
Once the user inserts this USB into another PC, the more powerful malware affects this new PC, and the chain goes on depending on how many more computers share the USB.”
If the idea of Brutal Kangaroo being on the loose concerns you, consider using one of the antivirus programs that detects the bug: Rising Antivirus, Symantec, Avira, and Bitdefender.
