WikiLeaks has published online top-secret documents it has obtained from the CIA describing the agency’s hacking tools. This details in the software codenamed Brutal Kangaroo shows that agents can use the software to infect targets’ air-gapped computers with malware.
Dubbed “Brutal Kangaroo,” it has been described by its developer as a tool suite designed for targeting closed networks. The infected systems will form a covert network, and the attacker will be able to obtain information and execute arbitrary files. According to the user guide [PDF], the software consists of four specific applications. Shattered Assurance is the server-side code that forms the basis of the attack system and infects USBG drives plugged into an infected computer with the Drifting Deadline malware.
Microsoft said the vulnerabilities used by these exploits have already been patched in supported versions of Windows but whenthis was done is still unclear. The company this month patched a LNK remote code execution flaw (CVE-2017-8464) that has been actively exploited, but no information has been provided on these attacks.
WikiLeaks has been publishing CIA files, which are part of a leak dubbed “Vault 7,” nearly every week since March 23. There’s nothing too surprising about the Brutal Kangaroo suite, or most of the other documents WikiLeaks is releasing as part of its Vault 7 archive. The software described is all something will expect an intelligence agency to use.