Wikileaks Revealed Next CIA Hacking Tool called “Brutal Kangaroo” under Vault 7 Projects that Consists of 4 Powerful Malware Components which targets closed networks by air gap jumping using thumbdrives.
WiliLeaks Vault 7 Project Revealed Few days Before CIA Cyber weapon CherryBlossom which is Specially Developed to compromise the Wireless Network Devices including wireless routers and access points.
“Brutal Kangaroo” has the ability to executing surveys, helps directory listings, and arbitrary executables by creating a custom covert network within the target closed network.
This Malware contains 4 Embedded tools help to Gain Access the closed network and single air-gapped computer and get into access the Organization Directly.
According to Revealed CIA Document, these are the following compenents including with
Drifting Deadline: A thumbdrive infection tool.
Shattered Assurance: A server tool that handles automated infection of
thumbdrives and the primary mode of propagation for the Brutal Kangaroo suite.
Broken Promise: The Brutal Kangaroo postprocessor
Shadow: The primary persistence mechanism. Shadow is a stage 2 tool that is
distributed across a closed network and acts as a covert command-and-control
network
Initially “Brutal Kangaroo” infect the Organizations interconnected network system and install the Malware file.
CIA using various sophisticated infection technique to spread the Malware and Revealed Document doesn’t contain any Details about the initial infection.
Once primary host (A Computer that used for the first infection) within the Enterprise used for inserts a USB stick the separate Malware infect the thumb drive itself.
So its will spreading into another host, once the user takes it away from Primary and uses it for insert into another Host.
Also Read NSA Malware “EternalBlue” Successfully Exploit and Port into Microsoft Windows 10
Brutal Kangaroo Tool Contains 5 Configuration Vectors,
By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware.
CIA form a covert network to coordinate tasks and data exchange After infected Systems will be under control by CIA.
This Infection Method is very similar that Stuxnet Computer Worm used to damage Iran’s nuclear program.
According to CIA Document , The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction.
Also Read New SMB Network Worm “MicroBotMassiveNet” Using 7 NSA Hacking Tools, Wannacry using only Two
The LightSpy threat actor exploited publicly available vulnerabilities and jailbreak kits to compromise iOS devices.…
White House National Cyber Director, CEOs, Key Financial Services Companies, Congressional and Executive Branch Experts…
Cybersecurity experts have identified a new Remote Access Trojan (RAT) named PySilon. This Trojan exploits…
The notorious Konni Advanced Persistent Threat (APT) group has intensified its cyber assault on organizations…
Google has updated its Chrome browser, addressing critical vulnerabilities that posed potential risks to millions…
WrnRAT is a new malware attack that cybercriminals have deployed by using popular gambling games…