Wikileaks has released a new installment of the #Vault7 leaks series on CIA hacking tools to spy on its targets. This time it is Brutal Kangaroo, the malware developed by the US Central Intelligence Agency to infiltrate secure networks, known as air gapped, made up of computers with Windows as an operating system.
An air-gapped computer or network is a machine or network that is completely isolated from the outside to safeguard safety. For this, they are not connected to the Internet or any computer or device due to which they are more difficult to hack. In addition, it usually has additional security systems to prevent the intrusion of external agents.
Examples of air gapped equipment or networks are found in machines that process credit or debit card transactions in retail, military, or industrial control systems operating with critical infrastructure.
According to Wikileaks, the CIA used Brutal Kangaroo to be able to sneak into these computers or secure networks. It is composed of a set of tools that use a contaminated USB memory to enter the machines, in order to create a custom hidden network within the target network. Once inside, the malware is able to execute code remotely.
The documents leaked by Wikileaks describe how the CIA managed to infiltrate computers and air-gapped networks within an organization without having any direct access to it. The first step is to infect a computer connected to the Internet within the company, which is called the primary host. Once Brutal Kangaroo is installed on the initial PC, the malware contaminates with a virus other than any USB memory or removable hard disk that connects.
After that, you only have to wait for a member of the organization to use the unit to connect to the air-gapped network. If multiple computers in the closed network fall under the control of the CIA, they will create a covert network to coordinate tasks and exchange data, in a similar way as the Stuxnet worm does.
The Brutal Kangaroo project is composed of several components:-
- Drifting Deadline: USB memory infection tool.
- Shattered Assurance: Server tool that manages the automated infection of storage units.
- Broken Promise: System that evaluates the collected information.
- Shadow: A mechanism that acts as a covert C & C network.
ALSO READ : Top 5 Free Facebook Video Downloaders
Got a burning question you want answered? Ask it in the comments or on Facebook and Twitter and subscribe for more Posts..
SHARING IS CARING
