Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Canada’s CSE Spy Agency Releases Malware Analysis Tool

Canada’s Communications Security Establishment (CSE) agency announced this week that the source code for one of its malware detection and analysis tools has been made public.

Canada’s Communications Security Establishment (CSE) agency announced this week that the source code for one of its malware detection and analysis tools has been made public.

The Python-based tool released as open source by the spy agency is named Assemblyline and it was created within the CSE’s Cyber Defence program. The organization says this is one of the tools it uses to protect the country’s computer systems against advanced cyber threats.

Assemblyline allows defenders to automate the analysis of malicious files. The analysis process, which has been compared to a conveyor belt, involves assigning a unique identifier to files as they travel through the system, looking for signs of malicious functionality and extracting features for further analysis, generating alerts for malicious files and assigning them a score, and sending data to other protection systems so that identified threats can be neutralized.Assemblyline

Users can also add their own analytics, including custom-built software and antiviruses, to enhance Assemblyline’s capabilities.

“The strength of Assemblyline is the ability of users to scale the system to their needs and the way that Assemblyline automatically rebalances its workload depending on the volume of files. It reduces the number of non-malicious files that security analysts have to inspect, and permits users to focus their time and attention on the most harmful files, allowing them to spend time researching new cyber defence techniques,” CSE said.

The Assemblyline source code is available on BitBucket. Organizations can modify it to suit their needs or integrate it into existing solutions.

The CSE is a security and intelligence organization focused on collecting intel in support of the government’s priorities, and protecting the country’s most critical computer networks. While the spy agency has often been described as “super secret,” some insight into its activities was revealed by documents leaked a few years ago by former NSA contractor and whistleblower Edward Snowden.

The documents showed that the CSE had been analyzing a foreign espionage operation that it had linked to French intelligence. The campaign has since been investigated by many researchers and cybersecurity firms.

Advertisement. Scroll to continue reading.

The CSE is not the only spy agency to release open source tools. Last year, the UK’s Government Communications Headquarters (GCHQ) made available CyberChef, a tool that allows both technical and non-technical people to analyze encryption, compression and decompression, and data formats.

Related: Cisco Releases Open Source Malware Signature Generator

Related: Google, Spotify Release Open Source Cloud Security Tools

Related: Kaspersky Releases Open Source Digital Forensics Tool

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.