WikiLeaks Reveal CIA Credentials Malware

WikiLeaks recently dumped the documentation of two CIA hacking tools codenamed BothanSpy and Gyrfalcon, both designed to steal SSH (Secure Socket Shell, a network protocol that gives administrators a secure way to access a remote computer) credentials from Windows and Linux systems, respectively.

Both tools are "implants," a term the CIA uses to describe malware payloads. Once installed through various means on a target's computer, these two implants hook into SSH-related processes and steal credentials or session traffic, where possible.

BothanSpy targets Windows
The first, BothanSpy, was designed for Windows computers. According to a manual dated March 2015, the malware hooks into the process of Xshell, a Windows SSH client.
BothanSpy will use this access to steal user credentials for all active SSH sessions. This data can be sent right away to a remote server, or stored on disk in an encrypted file.

Gyrfalcon targets Linux
The second, Gyrfalcon, is an implant for Linux systems. According to a 27-page manual dated November 2013, this malware can target distros such as RHEL, Ubuntu, Suse, Debian, and CentOS.
Gyrfalcon works by targeting the OpenSSH client, from where it can extract user credentials for active SSH sessions and full or partial OpenSSH session traffic. The stolen data is saved locally into an encrypted file and is exfiltrated at a later date.
CIA operatives need root privileges to install Gyrfalcon, but the tool itself can operate from a regular account.
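Both implants work by hooking into the SSH client process itself, so one defender-side check is to look at what shared objects are actually mapped into a running `ssh` client and flag anything loaded from outside the system library directories. The script below is an added example written for this article, not code from the WikiLeaks documents or from either implant; the `/proc/<pid>/maps` sample, the `/tmp/.cache/libhook.so` path and the allowlist of library directories are all constructed assumptions, and the `/proc` format parsed is the standard Linux one.

```python
import re
from pathlib import Path

# Constructed sample of /proc/<pid>/maps output for an ssh client process.
# The /tmp/.cache/libhook.so entry is an invented path standing in for an
# unexpected library injected into the process; it is not from the article.
SAMPLE_MAPS = """\
55d3c2a00000-55d3c2a8f000 r-xp 00000000 fd:01 1310766  /usr/bin/ssh
7f1a2b400000-7f1a2b5c0000 r-xp 00000000 fd:01 1049222  /usr/lib/x86_64-linux-gnu/libc.so.6
7f1a2b600000-7f1a2b700000 r-xp 00000000 fd:01 1049300  /usr/lib/x86_64-linux-gnu/libcrypto.so.3
7f1a2b800000-7f1a2b810000 r-xp 00000000 fd:01 2621500  /tmp/.cache/libhook.so
7f1a2b900000-7f1a2b901000 rw-p 00000000 00:00 0        [heap]
7ffd5c000000-7ffd5c021000 rw-p 00000000 00:00 0        [stack]
"""

# Assumed baseline: shared objects are expected to come only from these
# directories. Adjust to the distro being checked (RHEL, Debian, etc.).
ALLOWED_LIBRARY_DIRS = ("/usr/lib/", "/lib/", "/usr/lib64/", "/lib64/")


def mapped_libraries(maps_text):
    """Return the set of shared-object paths mapped into a process.

    Each maps line is: address perms offset dev inode [pathname]. The
    pathname may itself contain spaces, so split at most five times.
    """
    libs = set()
    for line in maps_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping, no backing file
        path = parts[5].strip()
        # Keep only file-backed mappings that look like shared objects;
        # pseudo-paths such as [heap] and [stack] are skipped.
        if path.startswith("/") and ".so" in Path(path).name:
            libs.add(path)
    return libs


def unexpected_libraries(maps_text, allowed_dirs=ALLOWED_LIBRARY_DIRS):
    """Sorted list of mapped libraries that live outside the allowed directories."""
    return sorted(p for p in mapped_libraries(maps_text)
                  if not p.startswith(allowed_dirs))


def scan_live_ssh_processes(proc_root="/proc"):
    """On a Linux host, inspect every running `ssh` client and report
    unexpected libraries keyed by PID. Returns {} when /proc is unavailable."""
    root = Path(proc_root)
    findings = {}
    if not root.is_dir():
        return findings
    for pid_dir in root.iterdir():
        if not pid_dir.name.isdigit():
            continue
        try:
            if (pid_dir / "comm").read_text().strip() != "ssh":
                continue
            maps = (pid_dir / "maps").read_text()
        except OSError:
            continue  # process exited or maps not readable at this privilege
        odd = unexpected_libraries(maps)
        if odd:
            findings[int(pid_dir.name)] = odd
    return findings


if __name__ == "__main__":
    print("constructed sample:", unexpected_libraries(SAMPLE_MAPS))
    print("live ssh processes:", scan_live_ssh_processes())
```

The check is a heuristic: it catches a hook delivered as an extra shared object under an unusual path, but not code patched directly into the process or a library planted under a trusted directory, so it belongs alongside package-manager verification of the OpenSSH binaries rather than in place of it.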

The dump is part of a larger series called Vault 7, which contains documents WikiLeaks claims were stolen from the CIA by hackers and insiders.

Bleeping Computer
