Today, WikiLeaks published more documents as part of its Vault 7 CIA exposé series, revealing new manuals for three tools named Achilles, Aeris, and SeaPea, part of a larger CIA project named Imperial.

Each of the three tools has a different purpose, being developed to target only a specific set of operating systems.

The first of these tools is named Achilles, a utility for trojanizing macOS DMG installers.

According to a one-page user guide released by WikiLeaks, Achilles allows an operator to bind an executable to a DMG file for a one-time execution. Running the DMG file installs the original app, installs the payload, and then removes the payload from the DMG file.

Using a one-time execution routine is typical of US cyber-intelligence, which is known to put a lot of effort into remaining undetected on targeted machines.

The second CIA hacking tool manual released today is for a tool called Aeris, which is an implant (malware) for POSIX systems.

According to the document, Aeris is written in C and can work on the following operating systems:

Under the hood, Aeris includes features specific to data exfiltration utilities, usually used to steal information from targeted hosts via secure TLS-encrypted channels.

The Aeris manual doesn't include details of how the data is collected, most likely meaning it's part of a larger attack chain and CIA operators must use other tools to compromise systems, identify desired data, download Aeris, and only then exfiltrate any collected information.

The third and final manual released today is for an OS X rootkit named SeaPea. This tool's manual was previously released in another WikiLeaks CIA dump named DarkSeaSkies, a collection of tools for hacking Macs and iPhones, released in March.

To review, SeaPea provides CIA operators with a kernel-level implant that allows them to persist infections on OS X systems between system reboots.

Additional capabilities include the ability to hide files or directories, start socket connections, or launch desired (malicious?) processes.

The SeaPea manual is old, being dated to the summer of 2011, and lists as "tested operating systems" two very old OS X versions: Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion).

Today's dump is part of a larger series called Vault 7, which contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders.