Information on the CIA's hacking tactics released in the WikiLeaks Vault7 series is believed to include malware whose goal is to infect computers that are not linked to the internet, commonly known as air-gapped PCs, by way of USB sticks.
According to the report on hacks released by Julian Assange’s organization on Thursday, the tools exploit vulnerabilities similar to the ones used in the infamous Stuxnet attacks, which are believed to have been directed at nuclear plants in Iran by the US and Israel. Stuxnet spread into critical systems using thumb drives.
The WikiLeaks “Brutal Kangaroo” leak is made up of an array of manuals suspected to come from the CIA. One user guide, released in February 2016, revealed that the Brutal Kangaroo suite includes malware designed to attack computers and any plugged-in thumb drive, known as “Drifting Deadline.” The infection spreads when an infected USB stick is moved to another computer that is not connected to the internet, which it then infects in turn.
The last step would be to use a piece of software known as Shadow to build a custom covert network inside the targeted network. Through it, the CIA could carry out its attacks and monitor the environment.
An independent researcher named x0rz said that the most interesting aspect was an attack that ran as soon as a user viewed the files on the thumb drive in Windows Explorer. He added that the user does not need to open any files; simply viewing the list of files is enough for the computer to be infected.
The researcher continued that Stuxnet and the Brutal Kangaroo exploit kit were similar in that Stuxnet was also delivered through malicious LNK files. He ended his statement by saying that the CIA malware was commonly used by industrial systems and terrorists who used computers that were not linked to the internet.
To exploit the LNK files, specially crafted shortcut icons had to be processed by the target PC, through a vulnerability affecting Windows that Microsoft patched. This is very similar to the CIA attack.
According to the tech titan, the flaw had also been exploited, and the disclosure of those details led x0rz and others to speculate that WikiLeaks had informed Microsoft before releasing the Brutal Kangaroo files. x0rz guessed that the exploit known as Okabi in the user guide was the one that was patched, which led him to conclude that WikiLeaks had disclosed it to Microsoft. An older exploit in the Brutal Kangaroo arsenal, named EZCheese, was patched in 2015 before its replacement was made.
Hacker House co-founder Matthew Hickey said that the LNK vulnerability and the CIA’s air-gap framework exposed by the WikiLeaks leak relied on similar flaws. A Microsoft spokesperson said that the company is currently looking into this and has no information to disclose at the moment. The CIA has criticized Assange’s group over its past releases, including one involving the iPhone, although it did not comment on the WikiLeaks release. The CIA has never confirmed the legitimacy of any WikiLeaks files.
In March, a spokesperson said that the American people should be worried by any WikiLeaks disclosure aimed at damaging the intelligence community's work against terrorism. In April last year, researchers revealed how subtle variations in a lightbulb could leak data to an intruder; similarly, in February an attack was revealed that relayed data via an LED to a drone outside the office.