#Vault7 ‘Athena’: CIA’s anti-Windows malware ‘better than bombing things’
The latest in WikiLeaks’ series of #Vault7 leaks was released Friday, detailing malware that provides remote beacon and loader capabilities on target computers running several Microsoft Windows operating systems.
‘Athena’ is the codename for the latest release, which consists of five documents.
According to the user guide, the following operating systems can be targeted: Windows XP Pro SP3 32-bit, Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10.
Once installed on a target computer, Athena will use a listening post to receive beacons from the operator, allowing it to signal and trigger additional malware payloads undetected on the target computer.
#Athena operation in latest #Vault7 #WikiLeaks release pic.twitter.com/xT9IRIMlqP — Colm McGlinchey (@ColmMcGlinchey) May 19, 2017
Athena “hijacks” the DNSCACHE, a temporary database maintained by the operating system to record internet traffic on the computer, to hide its presence, according to a document contained in the leak.
The command module for Athena will only load during a signal and is destroyed once the signal is completed.
The CIA cooperated with the private cybersecurity firm Siege Technologies to develop the Athena malware.
"I feel more comfortable working on electronic warfare… It’s a little different than bombs and nuclear weapons -- that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody," Jason Syversen, the founder of Siege Technologies, wrote in an email.
The release is the latest in WikiLeaks’ series of leaks, allegedly from the CIA, known as #Vault7. Previous releases showed hacking techniques used to weaponize mobile phones, conduct surveillance via Smart TVs, and load and execute malware on a target machine.