Vault 7: CIA Co-Developed Athena Malware with US Cyber-Security Company

Discussion in 'Latest Security News' started by frogboy, May 19, 2017.

  1. frogboy

    Every Friday, WikiLeaks has established a tradition of leaking new documents in the Vault 7 series — which details some of the CIA's hacking tools. Today, the organization leaked documentation about a tool called Athena.

    According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant — a CIA technical term for "malware" — that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version.

    Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS.

    Athena included support for fileless execution
    At the technical level, despite using custom terms to describe its modus operandi, Athena isn't that special when compared to other malware developed for cyber-espionage operations.

    According to documents, a CIA operative has a builder at his disposal with plenty of options to generate an Athena malware payload. This payload can be specifically assembled to work with an online C&C server, offline, or in a RAM-only mode (also known as diskless/fileless mode).

    For installing Athena, operatives had different methods available that ranged from classic delivery methods to supply chain compromise, and even via an in-the-field operative, if necessary.

    Once on a target's PC, Athena would communicate with a C&C server from where it would receive instructions or additional payloads it would need to install on its victim's computer. This is a classic architecture we find in most malware today.

    Read More. Vault 7: CIA Co-Developed Athena Malware with US Cyber-Security Company
     
  2. ElectricSheep

    WikiLeaks says it believes in "free press" publishing original source materials and the likes.

    To be honest, I think they're being extremely irresponsible by publishing these CIA exploits online where they can easily fall into the wrong hands, as we have seen with the whole WannaCry episode. So they're just as much to blame as everyone else that's responsible for it all!
    If they want to make noises about exploits, spying malware, etc. - go ahead, but DON'T publish the actual code! It doesn't take an idiot to realise that it's not a very sensible move to make, and the damage has been done.
     
  3. GonzitoVir

  4. Winter Soldier

    I read news daily about this "tsunami" caused by the CIA, NSA, cyber-thieves, etc.
    BUT why haven't I found news about who really has to PAY for what is happening?
    Am I missing something?
     