Wednesday, April 23, 2025

CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks


WikiLeaks has revealed the next CIA hacking tool under its Vault 7 project, "Brutal Kangaroo", a suite of four malware components that targets closed networks by jumping the air gap with USB thumb drives.

A few days earlier, the WikiLeaks Vault 7 project revealed the CIA cyber weapon CherryBlossom, which was developed specifically to compromise wireless network devices, including wireless routers and access points.

"Brutal Kangaroo" creates a custom covert network within the target closed network and, over that network, can run surveys, collect directory listings and execute arbitrary executables.


The malware contains four embedded tools that together give the operator access to the closed network, to individual air-gapped computers and, through them, to the organization itself.


Embedded Tools in Brutal Kangaroo

According to the leaked CIA document, the suite consists of the following components:

  • Drifting Deadline: a thumb drive infection tool.
  • Shattered Assurance: a server tool that handles automated infection of thumb drives and is the primary mode of propagation for the Brutal Kangaroo suite.
  • Broken Promise: the Brutal Kangaroo post-processor.
  • Shadow: the primary persistence mechanism. Shadow is a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network.

How Brutal Kangaroo Attacks Air-Gapped Networks

Brutal Kangaroo first infects an internet-connected computer inside the target organization (the "primary host") and installs the malware there.

The CIA uses various infection techniques to plant the malware on this host; the leaked document gives no details about the initial infection.

When a USB thumb drive is inserted into the primary host, a separate component infects the thumb drive itself.

The infection then spreads when a user takes the thumb drive away from the primary host and inserts it into another machine.


The Brutal Kangaroo builder walks the operator through five configuration pages:

  • Execution Vector Configuration – the execution vector module controls how the tool is executed; the user must select which execution vector to configure.
  • Deployment Configuration – the deployment module controls how the tool appears on disk.
  • Payload Configuration – this page configures the data transfer module(s) as well as the payloads.
  • Build XML Configuration – an XML configuration file records every option the user has selected.
  • Infect Flash Drive – the final page. Once the user selects an available thumb drive and clicks "infect", the drive is infected with the chosen configuration.

When the drive is browsed with Windows Explorer on such a protected (air-gapped) computer, that computer is infected with exfiltration and survey malware as well.

Once systems are infected, the CIA forms a covert network among them to coordinate tasks and exchange data.

This infection method is very similar to the one the Stuxnet computer worm used to damage Iran's nuclear program.

According to the CIA document, the primary execution vector used by infected thumb drives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link (.lnk) files that load and execute programs (DLLs) without user interaction.
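A defender-side check for the execution vector just described, added here as an example; it is not code from the WikiLeaks documents, the CIA tooling or this article. The only fact it takes from the text is that infected thumb drives carry hand-crafted .lnk files that cause Windows to load a DLL. The detection rule (flag any .lnk on the drive whose target, working directory, arguments or icon location names a .dll that is also present on the drive) is this example's own assumption, as is the constructed drive layout built in demo(). The parser follows the public MS-SHLLINK layout: a 76-byte header, an optional LinkTargetIDList and LinkInfo, then the StringData fields in fixed order.

```python
"""Heuristic scan of a removable drive for .lnk files that reference a DLL on the same drive.

Added example, not code from the leaked documents or the article. The rule applied
here (flag any .lnk whose StringData names a .dll that also exists on the drive) is an
assumption of this example, and the drive image built in demo() is constructed.
"""
import os
import re
import struct
import tempfile

LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST, HAS_LINK_INFO = 1 << 0, 1 << 1
# StringData fields appear in this fixed order when their LinkFlags bit is set.
STRING_FIELDS = [(1 << 2, "name"), (1 << 3, "relative_path"), (1 << 4, "working_dir"),
                 (1 << 5, "arguments"), (1 << 6, "icon_location")]
IS_UNICODE = 1 << 7


def parse_lnk_strings(data: bytes) -> dict:
    """Walk a Shell Link and return its StringData fields as {field_name: text}."""
    if len(data) < LNK_HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = LNK_HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:            # skip IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:                      # LinkInfoSize includes itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]   # CountCharacters, no terminator
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + count * width]
        pos += count * width
        fields[name] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
    return fields


def build_lnk(**fields: str) -> bytes:
    """Build a minimal Unicode .lnk (header + StringData only); used for constructed samples."""
    flags, body = IS_UNICODE, b""
    for bit, name in STRING_FIELDS:
        if name in fields:
            flags |= bit
            body += struct.pack("<H", len(fields[name])) + fields[name].encode("utf-16-le")
    header = bytearray(LNK_HEADER_SIZE)
    struct.pack_into("<I", header, 0, LNK_HEADER_SIZE)
    header[4:20] = LNK_CLSID
    struct.pack_into("<I", header, 0x14, flags)
    return bytes(header) + body


def referenced_dlls(fields: dict) -> set:
    """Lower-cased basenames of every .dll named in any StringData field."""
    found = set()
    for value in fields.values():
        for token in re.split(r'[\\/\s,;"]+', value):
            if token.lower().endswith(".dll"):
                found.add(token.lower())
    return found


def scan_drive(root: str) -> list:
    """Return (lnk_path, dll_path) for each .lnk that references a .dll found on the drive."""
    dlls, lnks = {}, []
    for dirpath, _, files in os.walk(root):
        for f in files:
            path = os.path.join(dirpath, f)
            if f.lower().endswith(".dll"):
                dlls[f.lower()] = path
            elif f.lower().endswith(".lnk"):
                lnks.append(path)
    hits = []
    for path in lnks:
        with open(path, "rb") as fh:
            try:
                fields = parse_lnk_strings(fh.read())
            except ValueError:
                continue                           # truncated or not a shell link
        for name in sorted(referenced_dlls(fields)):
            if name in dlls:
                hits.append((path, dlls[name]))
    return hits


def demo() -> list:
    """Lay out a constructed thumb-drive image in a temp dir and scan it."""
    root = tempfile.mkdtemp(prefix="usb_")
    os.makedirs(os.path.join(root, "docs"))
    with open(os.path.join(root, "docs", "budget.docx"), "wb") as fh:
        fh.write(b"benign document")
    with open(os.path.join(root, "sample_payload.dll"), "wb") as fh:
        fh.write(b"MZ")                            # placeholder bytes, not a real PE
    with open(os.path.join(root, "Budget.lnk"), "wb") as fh:        # ordinary shortcut
        fh.write(build_lnk(relative_path=".\\docs\\budget.docx", working_dir=".\\docs"))
    with open(os.path.join(root, "Photos.lnk"), "wb") as fh:        # shortcut naming the DLL
        fh.write(build_lnk(relative_path=".\\docs\\budget.docx",
                           icon_location="..\\..\\sample_payload.dll"))
    return scan_drive(root)


if __name__ == "__main__":
    for lnk, dll in demo():
        print(f"SUSPICIOUS: {lnk} references {dll}")
```

Run it against a mounted drive by calling scan_drive("E:\\") (or the mount point on Linux); a .lnk that only names a DLL in a field Explorer reads while rendering the folder is exactly the kind of file that should never arrive on a drive headed for an isolated network, and a hit is a reason to keep the drive off that network until someone has looked at the DLL.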


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
