Friday, November 1, 2024
HomeData BreachVault 7 Leaks: CIA Conducts Secret Cyber Operation "ExpressLane" Against Their Intelligence...

Vault 7 Leaks: CIA Conducts Secret Cyber Operation “ExpressLane” Against Their Intelligence Partners -WikiLeaks

Published on

Malware protection

WikiLeaks Revealed a new document of CIA Secret operations called “ExpressLane” that conducts against CIA’s information sharing Service Partners (liaison services) like NSA,DHS ,and FBI.

These Secret operation Performing for collecting the BioMetric Information around the World by helping of CIA’s own biometric collection system Branch called OTS (Office of Technical Services).

Few days before CIA Hacking Tool Revealed, CouchPotato that Capture and collecting videos Streaming.

- Advertisement - SIEM as a Service

CIA Considering this voluntary sharing is not enough and ExpressLane that is collecting the covert information by CIA  secretly exfiltrate data collections from such systems provided to liaison services.

OTS agents installed and run ExpressLane with the cover of upgrading the biometric software by that the liaison sites.

OTS system’s code components are based on products from Cross Match, a biometric software for law enforcement and the Intelligence Community.

How Does ExpressLane Tool Works

OTS (Office of Technical Services)Provide the liaison services with biometric information collecting system.

According to CIA Document, ExpressLane Helps to verify the date that is being Shared with the Agency and also giving an ability the disable the biometric software if liaison doesn’t provide the Agency with continued access.

Since it’s a BioMetric information Stealing Operation, the Target System must have an Access for USB port for the thumb drive.

Two Ways to Deploy the ExpressLane into Target Network.

1.First one At Headquarters before delivery of the biometric system to a Liaison Service
2.Second as part of an upgrade to the biometric system.

OTS officers install the ExpressLane 3.1.1  when a biometric system has given to Liaison as part of an upgrade to the biometric system.

The new version of ExpressLane enables the Upgrade Installation screen with a progress bar which appears when upgrading the biometric software.

OTS Request to upgrade the Biometric Software to install this Program and This installation time for the upgrade can be pre-determined by an OTS officer.

Here, ExpressLane sends the collected data to a watermarked thumb drive. and the Files that used to update the Biometric will be saved into Specific Location.

when watermarked thumb inserted into Target system, Another part of this Program called MOBSLangSvc.exe Helps to collect the data files encrypted and compressed.

Collection occurs even if no one is logged in.Kill date is modified by inserting a watermarked USB drive.

CreatePartition v3.1.1 supporting tool will be install before installing ExpressLane v3.1.1 on a target machine.

View the configuration of partition and options on the thumb drive and Reset the thumb drive – remove the hidden partition.

WikiLeaks

Installation Tool

After Post-processing of Collected Data, ExitRamp 3.1.1 is used on a Base system Headquarters to collect the data from the covert partition of a thumb drive used by ExpressLane v3.1.1. 

WikiLeaks

Post Processing of collection data

Here you can Visit the Previously Disclosed  CIA Cyber Weapons.

Previous CIA Leaked Tools by WikiLeaks

Vault 7 Leaks: CIA Hacking Tool “CouchPotato” Remotely Capture Videos & Images -WikiLeaks

Vault 7 Leaks:CIA Cyber Weapon “Dumbo” Hack WebCams & Corrupt Video Recordings – WikiLeaks

 Vault 7 Leaks : CIA Hacking Tools “Achilles, Aeris, SeaPea” Revealed to Hack Mac and Linux OS -WikiLeaks

Raytheon – Vault 7 Leaks : CIA Owned PoC Malware Development Surveillance Projects “UCL Under Raytheon” Leaked – WikiLeaks

HighRise – Vault 7 Leaks : CIA Android Ha Vault 7 Leaks : CIA Hacking Tools “Achilles, Aeris, SeaPea” Revealed to Hack Mac and Linux OS -WikiLeaks

Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks

Gyrfalcon –  Vault 7 Leaks: CIA Cyber Weapon “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks

CherryBlossom –  Wikileaks Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic –  New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

LightSpy iOS Malware Enhanced with 28 New Destructive Plugins

The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS...

ATPC Cyber Forum to Focus on Next Generation Cybersecurity and Artificial Intelligence Issues

White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch...

New PySilon RAT Abusing Discord Platform to Maintain Persistence

Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan...

Konni APT Hackers Attacking Organizations with New Spear-Phishing Tactics

The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Grayscale Investments Data Breach Exposes 693K User Records Reportedly Affected

Grayscale Investments, a prominent crypto asset manager, has reportedly suffered a data breach affecting...

Northern Ireland Police to Pay £750,000 Fine Following Data Breach

The Police Service of Northern Ireland (PSNI) has been ordered to pay a £750,000...

Google Warns Of North Korean IT Workers Have Infiltrated The U.S. Workforce

North Korean IT workers, disguised as non-North Koreans, infiltrate various industries to generate revenue...