WikiLeaks reveals CIA tool for secretly loading, executing implants on computers

DAILY SABAH
ISTANBUL
Published 31.08.2017 15:24
Updated 31.08.2017 15:43
The logo of the Wikileaks website is pictured on a smartphone in this picture illustration taken in Tokyo November 29, 2010. (Reuters Photo)
The logo of the Wikileaks website is pictured on a smartphone in this picture illustration taken in Tokyo November 29, 2010. (Reuters Photo)

WikiLeaks published new information Thursday as part of its Vault 7 series that revealed a CIA tool used to load and execute implants on computers with Microsoft Windows operating systems.

"Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7)," the WikiLeaks statement read.

According to the new WikiLeaks documents, the tool is called "Angelfire" and consists of five components.

The components called Solartime, Wolfcreek, Keystone, BadMFS and the Windows Transitory File system have a wide range of functions.

After Angelfire is installed on a computer, Solartime modifies the partition boot sector of the machine, paving the way for Wolfcreek to load and execute the remaining implants.

Thanks to Wolfcreek, Keystone then loads malicious user applications on the targeted computers, which reportedly never touch the file system.

"This leaves very little forensic evidence that the process ever ran," WikiLeaks said.

WikiLeaks released the first batch of its Vault 7 series in March, which contained a total of 8,761 documents.

The whistleblowing website previously claimed that the data had been uncovered by U.S. government hackers, revealing a huge archive of viruses, malware, software vulnerability hacks used by the CIA.

Share on Facebook Share on Twitter