Batu69 Posted May 19, 2017

Every Friday, WikiLeaks has established a tradition of leaking new documents in the Vault 7 series, which details some of the CIA's hacking tools. Today, the organization leaked documentation about a tool called Athena.

According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant (a CIA technical term for "malware") that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version.

Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS.

Athena included support for fileless execution

At the technical level, despite using custom terms to describe its modus operandi, Athena isn't that special when compared to other malware developed for cyber-espionage operations.

According to documents, a CIA operative has a builder at his disposal with plenty of options to generate an Athena malware payload. This payload can be specifically assembled to work with an online C&C server, offline, or in a RAM-only mode (also known as diskless/fileless mode).

For installing Athena, operatives had different methods available that ranged from classic delivery methods to supply chain compromise, and even via an in-the-field operative, if necessary.

Once on a target's PC, Athena would communicate with a C&C server from where it would receive instructions or additional payloads it would need to install on its victim's computer. This is a classic architecture we find in most malware today.

Leaked files reveal that Athena was designed to be used with another system called Hera, on which there isn't any additional information available at the moment.
CIA co-developed Athena with US cyber-security company

What's more interesting is that documents reveal the CIA had help from a non-government contractor in developing the malware.

The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near the CIA's headquarters, in a zone peppered with various military and defense contractors.

In 2014, Bloomberg ran a feature on Siege Technologies and Jason Syversen, the company's founder. In the article, Syversen said his company was working on creating a system that would tell US officials if a cyber-weapon was successful or not, the equivalent of a "kill metric" for classic weapons.

You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps:

- Weeping Angel - tool to hack Samsung smart TVs
- Fine Dining - a collection of fake, malware-laced apps
- Grasshopper - a builder for Windows malware
- DarkSeaSkies - tools for hacking iPhones and Macs
- Scribble - beaconing system for Office documents
- Archimedes - a tool for performing MitM attacks
- AfterMidnight and Assassin - malware frameworks for Windows

Article source
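The post above describes the classic implant architecture: a payload that beacons to a C&C server, pulls tasks or additional payloads, and loads them in memory. The defensive counterpart of that description is beacon detection. What follows is an added example written for this thread, not code from the Vault 7 documents, WikiLeaks or the article's author: it parses constructed proxy-log lines (the log format, sample addresses, and the thresholds are assumptions), computes the inter-arrival times of outbound connections per client/destination pair, and flags pairs whose timing is suspiciously regular.

```python
"""Beacon-interval detector over constructed proxy-log lines.

Added example, not Athena's own code. An implant with a "beaconing
capability" that polls its C&C server for tasks tends to connect at a
near-fixed interval with little jitter. This script groups outbound
connections by (client, destination), computes inter-arrival times, and
flags pairs whose coefficient of variation (stdev / mean) is very low.
Log format and thresholds are assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime
import statistics

# Constructed sample log (not real traffic): "<ISO timestamp> <client> <dest>".
# 203.0.113.7 is contacted every ~60 s; 198.51.100.2 is contacted irregularly.
SAMPLE_LOG = """\
2016-02-01T10:00:00 10.0.0.5 203.0.113.7
2016-02-01T10:00:03 10.0.0.5 198.51.100.2
2016-02-01T10:01:00 10.0.0.5 203.0.113.7
2016-02-01T10:02:00 10.0.0.5 203.0.113.7
2016-02-01T10:02:41 10.0.0.5 198.51.100.2
2016-02-01T10:03:00 10.0.0.5 203.0.113.7
2016-02-01T10:04:01 10.0.0.5 203.0.113.7
2016-02-01T10:05:00 10.0.0.5 203.0.113.7
2016-02-01T10:06:00 10.0.0.5 203.0.113.7
2016-02-01T10:09:17 10.0.0.5 198.51.100.2
"""


def parse_log(text):
    """Return {(client, dest): [sorted datetimes]} from the assumed log format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, dest = line.split()
        flows[(client, dest)].append(datetime.fromisoformat(ts))
    for times in flows.values():
        times.sort()
    return flows


def interval_stats(times):
    """Mean inter-arrival time in seconds and its coefficient of variation.

    Returns None when fewer than two intervals exist (CV is undefined).
    """
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None
    mean = statistics.mean(gaps)
    if mean == 0:
        return None
    return mean, statistics.pstdev(gaps) / mean


def find_beacons(text, min_connections=5, max_cv=0.1):
    """Flag (client, dest) pairs with enough connections and near-constant spacing.

    min_connections avoids scoring pairs too sparse to judge; max_cv is the
    jitter tolerance. A sleep-with-jitter implant needs a looser max_cv.
    """
    hits = []
    for (client, dest), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        stats = interval_stats(times)
        if stats is None:
            continue
        mean, cv = stats
        if cv <= max_cv:
            hits.append({"client": client, "dest": dest,
                         "connections": len(times),
                         "mean_interval": mean, "cv": cv})
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print("{client} -> {dest}: {connections} conns, every {mean_interval:.1f}s "
              "(cv={cv:.3f})".format(**hit))
```

Treat a hit as a triage signal, not proof: update checkers, mail clients and monitoring agents beacon just as regularly, so the next step is to look at destination reputation, the process that owns the socket, and whether the request bodies change in size the way tasking responses would.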
Atasas Posted May 19, 2017

I honestly admire the dude for exposing (leaking) it and making it all public, but he keeps on making enemies by doing so.... As for the vault, there was a key released earlier, in case he wouldn't have made it out alive or free for the conference today... it was not needed.
WALLONN7 Posted May 20, 2017

WikiLeaks releases CIA spyware, known as Athena, that targets all Windows versions from XP to 10

WikiLeaks has published details of a new piece of spyware created by the CIA. Named Athena, the spyware is able to target all Windows versions from Windows XP to Windows 10. With this piece of spyware, it can hijack an entire PC, allowing the perpetrator to steal data and send it elsewhere, such as the CIA's servers, as well as delete data and perform additional infections of a PC by installing more malicious software.

Within the spyware are two modules. The primary module is Athena, which can attack Windows XP to Windows 10. Additionally, there's Hera, which can attack Windows 8 to Windows 10. The spyware was co-developed by the CIA and Siege Technologies, a New Hampshire-based cyber security company.

In a post on its website, WikiLeaks said:

"Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation."

This is the latest in what is expected to be a flurry of leaks of exploits used by the United States' intelligence agencies.

Source
Sylence Posted May 21, 2017

I'm wondering, why would they need such spyware? Microsoft, Apple and Google are already cooperating with the NSA, so why should they make all these, spread them to computers and make a fuss about it? Only one user who has installed an antivirus with a cloud feature needs to get infected, and that malware's signature will be sent to the server and the rest of the users will get security patches fast. Also, if they wanted to target a specific organization that was highly restricted, they would need offline methods because that organization would be off the grid, separate from the global network. Another thing: after what happened with Ed Snowden, they still haven't learned how to protect themselves and not let information this important get out? This all sounds fishy and we shouldn't trust any of this news.
CrAKeN Posted May 21, 2017

As Microsoft recently pointed out, the stockpiling of cyber exploits by the intelligence community has been the subject of great concern for cyber security experts, putting the privacy and data of millions of users at risk. WikiLeaks, today, revealed another exploit used by the American intelligence agencies to target Windows systems.

Codenamed 'Athena', the spyware was apparently created by the CIA in conjunction with Siege Technologies, a New Hampshire cyber tech firm. Athena allows an attacker to take total control of a computer, send and retrieve data to and from remote locations, such as CIA servers, delete data and also upload other malicious code onto the computer, thereby introducing even more infections. It also works for any version of Windows from Windows XP to Windows 10, marking it as particularly potent in both its capabilities and its reach.

The operation of the malware is explained in further detail as follows:

"Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation."

This is the latest in Windows vulnerabilities created by intelligence agencies which have now been leaked to the public. The recent WannaCry attack was the result of such a leak and the group behind that leak has threatened the release of even more exploits next month. All of this emphasizes the need for a larger debate on the morality of intelligence agencies' creation of exploits and their reluctance to work with software vendors to patch them.

Source
Batu69 Posted May 22, 2017 (Author)

Topic by @CrAKeN has been merged.