A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access.
As part of its Vault 7 leaks, WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire, to target computers running the Windows operating system.
The AngelFire framework implants a persistent backdoor on target Windows computers by modifying their partition boot sector.
The AngelFire framework consists of the following five components:
- Solartime — it modifies the partition boot sector to load and execute the Wolfcreek (kernel code) every time the system boots up.
- Wolfcreek — a self-loading driver (the kernel code that Solartime executes) that loads other drivers and user-mode applications.
- Keystone — a component that uses a DLL injection technique to execute the malicious user-mode applications directly in system memory without dropping them to the file system.
- BadMFS — a covert file system that attempts to install itself in non-partitioned space available on the targeted computer and stores all drivers and implants that Wolfcreek starts.
- Windows Transitory File system — a new method of installing AngelFire, which allows the CIA operator to create transitory files for specific tasks like adding and removing files to AngelFire, rather than laying independent components on disk.
According to a user manual leaked by WikiLeaks, AngelFire requires administrative privileges on a target computer for successful installation.
The 32-bit version of the implant works against Windows XP and Windows 7, while the 64-bit implant can target Windows Server 2008 R2 and Windows 7.
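Two of the components above leave traces a defender can check for from disk: Solartime alters a partition's boot sector, and BadMFS has to live in sectors no partition claims. The following Python script is an added example (not from the original post or the leaked manual): it parses an MBR partition table, hashes each partition's boot sector (VBR) against a trusted baseline, and lists the unpartitioned sector ranges worth inspecting. The 64-sector disk image, partition layout and baseline are constructed in the code.

```python
import hashlib
import struct

SECTOR = 512

def parse_mbr(mbr: bytes):
    """Return (type, lba_start, sector_count) for each used MBR partition slot."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        ptype = entry[4]
        lba_start, count = struct.unpack_from("<II", entry, 8)
        if ptype != 0 and count:
            parts.append((ptype, lba_start, count))
    return parts

def unpartitioned_gaps(parts, total_sectors):
    """Sector ranges (start, end) owned by no partition, excluding the MBR at LBA 0.
    A covert file system in non-partitioned space would have to sit in one of these."""
    gaps, cursor = [], 1
    for _, start, count in sorted(parts, key=lambda p: p[1]):
        if start > cursor:
            gaps.append((cursor, start))
        cursor = max(cursor, start + count)
    if cursor < total_sectors:
        gaps.append((cursor, total_sectors))
    return gaps

def vbr_hash(image: bytes, lba_start: int) -> str:
    """SHA-256 of a partition's boot sector, the sector a boot-sector implant rewrites."""
    off = lba_start * SECTOR
    return hashlib.sha256(image[off:off + SECTOR]).hexdigest()

def check_image(image: bytes, baseline: dict) -> dict:
    """Map each partition's LBA start to True if its VBR no longer matches the baseline."""
    parts = parse_mbr(image[:SECTOR])
    return {start: vbr_hash(image, start) != baseline.get(start) for _, start, _ in parts}

def build_image(vbr_payload: bytes = b"") -> bytes:
    """Constructed test image: one NTFS-typed partition at LBA 8, 40 sectors long."""
    img = bytearray(64 * SECTOR)
    img[446:462] = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 8, 40)
    img[510:512] = b"\x55\xaa"
    vbr = bytearray(b"\xeb\x52\x90NTFS    " + bytes(SECTOR - 11))
    vbr[-2:] = b"\x55\xaa"
    vbr[0x54:0x54 + len(vbr_payload)] = vbr_payload  # constructed boot-code change
    img[8 * SECTOR:9 * SECTOR] = vbr
    return bytes(img)
```

Run `check_image(build_image(b"\x90\x90\x90"), {8: vbr_hash(build_image(), 8)})` to see the modified VBR flagged, and `unpartitioned_gaps(parse_mbr(build_image()[:512]), 64)` to list the sector ranges outside the partition.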
Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://thehackernews.com/2017/08/cia-boot-sector-malware.html
It will be good if you can indicate your source for this material, as it is not your own material.
@rogerblu