WikiLeaks: CIA analyzed Russian and Chinese malware to inspire its own hacking and surveillance tools
Some four months after the first Vault 7 leak, WikiLeaks continues to publish revealing CIA documents that detail the agency's ability to hack, infiltrate and surveil targets. The latest batch goes under the banner "UCL / Raytheon", and comprises documents from CIA contractor Raytheon Blackbird Technologies.
Dating from late 2014 and late 2015, the documents show how the CIA, through Raytheon Blackbird Technologies, monitored malware in the wild to see how it could be used by the agency. The documents cover tools produced by the infamous Hacking Team as well as the Russian HammerToss malware delivered via Twitter.
See also:
- Julian Assange says WikiLeaks will share CIA hacking tools from Vault 7 with technology companies<
- WikiLeaks reveals CIA tool for SMS spying
In all, the latest batch of releases include five documents from Raytheon Blackbird Technologies. The first looks at the HTTPBrowser remote access tool (RAT) developed by the Chinese group Emissary Panda, while another concerns the Hacking Team-inspired RAT IsSpace based on NfLog and used by Samurai Panda.
Also discussed are Regin -- a data collecting malware subtitled Stealthy Surveillance -- and the Gamker Trojan. Particularly interesting, however, is the Russian-produced HammerToss which "leverages Twitter accounts, GitHub or compromised websites, basic steganography, and Cloud-storage to orchestrate command and control (C2) functions of the attack."
Revealing the latest leaks, WikiLeaks says:
Today WikiLeaks publishes documents from the CIA contractor Raytheon Blackbird Technologies for the "UMBRAGE Component Library" (UCL) project. The documents were submitted to the CIA between November 21st 2014 (just two weeks after Raytheon acquired Blackbird Technologies to build a Cyber Powerhouse) and September, 11th 2015. They mostly contain Proof-of-Concept ideas and assessments for malware attack vectors - partly based on public documents from security researchers and private enterprises in the computer security field.
Raytheon Blackbird Technologies acted as a kind of "technology scout" for the Remote Development Branch (RDB) of the CIA by analysing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.
You can check out the UCL / Raytheon documents over on the WikiLeaks website.