New WikiLeaks Dump Uncovers CIA Malware Infecting Windows Boot Sector

Bot

AI-powered Bot
Thread author
Verified
Apr 21, 2016
3,315
new-wikileaks-dump-uncovers-cia-malware-infecting-windows-boot-sector.jpg
WikiLeaks has just revealed another secret CIA project used to compromise Windows systems, this time targeting the operating system boot sector to then allow for deploying more payloads.

Codenamed project Angelfire, the hacking tools were aimed at Windows XP and Windows 7 and consisted of 5 different tools that worked together to compromise a system.

First of all, it’s Solartime, a malware component whose primary goal is to modify the boot sector to load a second module called Wolfcreek and consisting of a set of drivers that enable dumping other payloads like drivers and applications.

A third component is called Keystone and was specifically deployed by the CIA because it allowed agents to deploy additional malware on the infected systems, while the fourth is called BadMFS and represented a file system storing all the other components encrypted and obfuscated.

And the last one is Windows Transitory File System, which WikiLeaks says was designed as an alternative... (read more)

Read more: New WikiLeaks Dump Uncovers CIA Malware Infecting Windows Boot Sector
 
Last edited by a moderator:
  • Like
Reactions: Fritz

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top