OutlawCountry is one of the tools used by the U.S. Central Intelligence Agency (CIA) to target computers running the Linux operating system. OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA-controlled machines for exfiltration and infiltration purposes.
The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take priority over existing netfilter/iptables rules and are hidden from a user or even a system administrator.
According to Wikileaks:
“The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. Outlaw-Country v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, Outlaw-Country v1.0 only supports adding covert DNAT rules to the PREROUTING chain.”
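The mechanism described above (an extra netfilter table whose PREROUTING DNAT rules override the visible ruleset) suggests two baseline checks a defender can run on a CentOS/RHEL 6 host or on files collected from a suspect image. The script below is an added example written for this post; it is not part of the leaked manual or the tool itself. It assumes a known-good set of IPv4 table names (adjust `EXPECTED_TABLES` to your golden image), and the table name `example_hidden` and the rule lines in the sample data are constructed placeholders, not the real names from the leak.

```python
"""Baseline checks for unexpected netfilter tables and PREROUTING DNAT rules.

Added example for this post, not part of the OutlawCountry material. It parses
the text of /proc/net/ip_tables_names and of `iptables-save` output, so it can
run on a live host or on files copied from a suspect image.
"""
import os
import re
import subprocess

# Tables a stock CentOS/RHEL 6 kernel registers for IPv4. Assumption: adjust
# this to a baseline taken from your own known-good system.
EXPECTED_TABLES = {"filter", "nat", "mangle", "raw", "security"}

# Constructed sample of /proc/net/ip_tables_names with one extra table
# ("example_hidden" is a placeholder, not a name from the leaked manual).
SAMPLE_TABLE_NAMES = "nat\nmangle\nfilter\nexample_hidden\n"

# Constructed iptables-save output: one ordinary port forward, and one DNAT
# rule with no match criteria, which redirects every packet hitting PREROUTING.
SAMPLE_IPTABLES_SAVE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp --dport 8080 -j DNAT --to-destination 10.0.0.5:80
-A PREROUTING -j DNAT --to-destination 192.0.2.10
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""


def unexpected_tables(table_names_text, expected=EXPECTED_TABLES):
    """Return registered table names that are not in the expected baseline."""
    names = {line.strip() for line in table_names_text.splitlines() if line.strip()}
    return sorted(names - set(expected))


def prerouting_dnat_rules(iptables_save_text):
    """Return (table, rule_line) for every DNAT rule appended to PREROUTING."""
    table = None
    hits = []
    for line in iptables_save_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()          # "*nat" -> "nat"
        elif line.startswith("-A PREROUTING") and "-j DNAT" in line:
            hits.append((table, line))
    return hits


def catch_all_dnat(rules):
    """Keep only DNAT rules that carry no match criteria at all.

    A rule that names just the chain and the jump target matches all traffic,
    which is what a blanket redirect of outbound traffic looks like.
    """
    catch = []
    for table, rule in rules:
        remainder = re.sub(r"^-A PREROUTING\s*", "", rule)
        remainder = re.sub(r"-j DNAT.*$", "", remainder).strip()
        if not remainder:
            catch.append((table, rule))
    return catch


def live_report():
    """Run both checks against the current host; returns {} when not on Linux
    or when iptables is unavailable (e.g. inside a sandbox)."""
    report = {}
    path = "/proc/net/ip_tables_names"
    if os.path.exists(path):
        with open(path) as fh:
            report["unexpected_tables"] = unexpected_tables(fh.read())
    try:
        out = subprocess.run(["iptables-save"], capture_output=True, text=True,
                             check=False).stdout
        report["catch_all_dnat"] = catch_all_dnat(prerouting_dnat_rules(out))
    except OSError:
        pass
    return report


if __name__ == "__main__":
    print("unexpected tables:", unexpected_tables(SAMPLE_TABLE_NAMES))
    print("catch-all DNAT:", catch_all_dnat(prerouting_dnat_rules(SAMPLE_IPTABLES_SAVE)))
    print("live host:", live_report())
```

Both checks are best effort: a kernel module that hides its table from userspace will not show up in `/proc/net/ip_tables_names` or in `iptables-save`, so a clean result here is not proof of absence. Treat any unexpected table or match-less DNAT rule as a finding, and corroborate with an offline comparison of loaded modules and netfilter state against a known-good image of the same kernel build.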
The details of the malware were leaked and published in the form of a user manual, which describes OutlawCountry as consisting of a kernel module for Linux 2.6.
OutlawCountry is one of several CIA tools that WikiLeaks has published as part of its Vault 7 series of data dumps.