Brutal Kangaroo and Emotional Simian

June 22, 2017 ~ hucktech ~ Leave a comment

RELEASE: CIA 'Brutal Kangaroo' and 'Emotional Simian' USB air gap jumping viruses https://t.co/dHDfcHQWIv pic.twitter.com/xU6e3ucPB6

— WikiLeaks (@wikileaks) June 22, 2017

https://twitter.com/josephfcox/status/877859359115497473

https://wikileaks.org/vault7/#Brutal%20Kangaroo

https://motherboard.vice.com/en_us/article/wjq3zq/wikileaks-docs-show-how-the-cia-allegedly-infected-offline-computers

CherryBlossom

June 15, 2017 ~ hucktech ~ Leave a comment

New #Wikileaks release: Cherry Blossom MITM system in implanted router devices https://t.co/DVkI5Bc0z2 #Vault7 #CherryBlossom pic.twitter.com/P82Hoa0Vho

— x0rz (@x0rz) June 15, 2017

[…] CherryBlossom provides a means of monitoring the Internet activity of and performing software exploits on Targets of interest. In particular, CherryBlossom is focused on compromising wireless networking devices, such as wireless routers and access points (APs), to achieve these goals. Such Wi-Fi devices are commonly used as part of the Internet infrastructure in private homes, public spaces (bars, hotels or airports), small and medium sized companies as well as enterprise offices. Therefore these devices are the ideal spot for “Man-In-The-Middle” attacks, as they can easily monitor, control and manipulate the Internet traffic of connected users. By altering the data stream between the user and Internet services, the infected device can inject malicious content into the stream to exploit vulnerabilities in applications or the operating system on the computer of the targeted user. The wireless device itself is compromized by implanting a customized CherryBlossom firmware on it; some devices allow upgrading their firmware over a wireless link, so no physical access to the device is necessary for a successful infection. Once the new firmware on the device is flashed, the router or access point will become a so-called FlyTrap.[…]

https://wikileaks.org/vault7/#Cherry%20Blossom

Wikileaks: Vault 7: Dark Matter

March 23, 2017 ~ hucktech ~ Leave a comment

RELEASE: CIA #Vault7 "Dark Matter" https://t.co/pgnfeODXVB pic.twitter.com/vkI16f3vMD

— WikiLeaks (@wikileaks) March 23, 2017

Today, March 23rd 2017, WikiLeaks releases Vault 7 “Dark Matter”, which contains documentation for several CIA projects that infect Apple Mac firmware (meaning the infection persists even if the operating system is re-installed) developed by the CIA’s Embedded Development Branch (EDB). These documents explain the techniques used by CIA to gain ‘persistence’ on Apple Mac devices, including Macs and iPhones and demonstrate their use of EFI/UEFI and firmware malware. Among others, these documents reveal the “Sonic Screwdriver” project which, as explained by the CIA, is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting” allowing an attacker to boot its attack software for example from a USB stick “even when a firmware password is enabled”. The CIA’s “Sonic Screwdriver” infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter. “DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants. Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” are also included in this release. While the DerStarke1.4 manual released today dates to 2013, other Vault 7 documents show that as of 2016 the CIA continues to rely on and update these systems and is working on the production of DerStarke2.0. Also included in this release is the manual for the CIA’s “NightSkies 1.2” a “beacon/loader/implant tool” for the Apple iPhone. Noteworthy is that NightSkies had reached 1.2 by 2008, and is expressly designed to be physically installed onto factory fresh iPhones. i.e the CIA has been infecting the iPhone supply chain of its targets since at least 2008. While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.

https://wikileaks.org/vault7/darkmatter/?cia

https://wikileaks.org/vault7/darkmatter/document/SonicScrewdriver_1p0/
https://wikileaks.org/vault7/darkmatter/document/DerStarke_v1_4_DOC/
https://wikileaks.org/vault7/darkmatter/document/DerStarke_v1_4_RC1_IVVRR_Checklist/
https://wikileaks.org/vault7/darkmatter/document/Triton_v1_3_DOC/
https://wikileaks.org/vault7/darkmatter/document/DarkSeaSkies_1_0_URD/

Wikileaks on CIA UEFI malware

March 7, 2017 ~ hucktech ~ Leave a comment

https://wikileaks.org/ciav7p1/cms/page_26968080.html

https://wikileaks.org/ciav7p1/cms/page_36896783.html

https://wikileaks.org/ciav7p1/cms/page_29851664.html

https://wikileaks.org/ciav7p1/cms/page_27721733.html

https://wikileaks.org/ciav7p1/cms/page_27262984.html

https://wikileaks.org/ciav7p1/cms/page_26968084.html

https://twitter.com/osxreverser/status/839110834496364544

WikiLeaks' #Vault7 reveals numerous CIA 'zero day' vulnerabilities in Android phones https://t.co/yHg7AtX5gg pic.twitter.com/g6xpPYly9T

— WikiLeaks (@wikileaks) March 7, 2017

https://wikileaks.org/ciav7p1/cms/page_11629096.html

CIA's secret hacking division produced a huge amount of weaponized malware to infest iPhone. Android phones–and lost control of it. #Vault7 pic.twitter.com/KmFLEVmbnE

— WikiLeaks (@wikileaks) March 7, 2017

RELEASE: Vault 7 Part 1 "Year Zero": Inside the CIA's global hacking force https://t.co/h5wzfrReyy pic.twitter.com/N2lxyHH9jp

— WikiLeaks (@wikileaks) March 7, 2017