CONFERENCE Cyber AI & Automation Summit - NOW LIVE
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

WikiLeaks Details Malware Made by CIA and U.S. Security Firm

WikiLeaks has published documents detailing another spy tool allegedly used by the U.S. Central Intelligence Agency (CIA). The latest files describe “Athena,” a piece of malware whose developers claim it works on all versions of Windows.

WikiLeaks has published documents detailing another spy tool allegedly used by the U.S. Central Intelligence Agency (CIA). The latest files describe “Athena,” a piece of malware whose developers claim it works on all versions of Windows.

Documents apparently created between September 2015 and February 2016 describe Athena as an implant that can be used as a beacon and for loading various payloads into memory. The tool also allows its operator to plant and fetch files to or from a specified location on the compromised system.

A leaked diagram shows that Athena can be loaded onto the targeted computer by an asset, a remote operator, or via the supply chain. The implant is said to work on all versions of Windows from XP through 10, including Windows Server 2008 and 2012, on both x86 and x64 architectures.

While WikiLeaks has not made available the actual Athena tool, experts pointed out that the leaked documents include information on file and registry changes made by the implant, which can be useful for determining if a system has been compromised.

The documents also show that Athena was developed in collaboration with Siege Technologies, a U.S.-based company that provides offensive-driven cybersecurity solutions. The firm was acquired last year by Nehemiah Security.

WikiLeaks pointed to an email stolen from Italian spyware maker Hacking Team in which Siege Technologies founder Jason Syversen says he’s “more comfortable working on electronic warfare.”

Since March 8, when it first announced the Vault 7 files focusing on the CIA’s hacking capabilities, WikiLeaks has regularly published documents describing various implants allegedly used by the agency. The latest leaks have focused on Windows hacking tools, including for man-in-the-middle (MitM) attacks on the LAN, for hampering malware attribution and analysis, and creating custom malware installers.

Many of the tech companies whose tools are targeted by the Vault 7 exploits claimed their latest products are not affected. Only Cisco admitted finding a critical vulnerability that had exposed many of the company’s switches.

Advertisement. Scroll to continue reading.

The Vault 7 files and the exploits leaked by the hacker group called Shadow Brokers, including ones used in the recent WannaCry ransomware attacks, have once again brought exploit stockpiling by governments into the spotlight.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” said Microsoft president and chief legal officer Brad Smith.

In response to concerns over the stockpiling of exploits, a group of U.S. lawmakers last week proposed a new bill, the “Protecting Our Ability to Counter Hacking Act of 2017” (PATCH Act), which aims to help find a balance between national security needs and public safety.

Related: WikiLeaks CIA Files Linked to Espionage Group

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Don’t miss this Live Attack demonstration to learn how hackers operate and gain the knowledge to strengthen your defenses.

Register

Join us as we share best practices for uncovering risks and determining next steps when vetting external resources, implementing solutions, and procuring post-installation support.

Register

People on the Move

Video platform Vimeo has appointed Ryan Weeks as Chief Information Security Officer.

LPL Financial has welcomed Renana Friedlich as Chief Information Security Officer.

SSH Communications Security has appointed Pauli Haikonen as the company’s Chief Information Security Officer (CISO).

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.