WikiLeaks Revealed a new Document of CIA Hacking Tool called “Angelfire” which comprised of 5 integrated components that are used to Compromise the Windows Computers Especially Windows 7 and Windows XP.
Angelfire integrated componenets are Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system.
Few Day Before WikiLeaks Revealed Secret Cyber Operation Document called “ExpressLane” Against Their Intelligence Partners.
Angelfire is a Framework Designed by CIA that can load and execute custom implants (polymorphic multipartite virus) into the Targeting Windows Computer and infect partition boot sector.
Five comprised components are Performing Different Process with Angelfilre implant framework and it works on 32-bit and 64-bit versions of Windows XP and Windows 7, and on 64-bit versions of Windows Server 2008 R2.
These are the 5 Components comprised with Angelfire to infect the Windows Computer
Solartime helps to modify the partition boot sector to load some kernel code. This Modification leads to modifies the Windows boot process so that when Windows loads boot time device.
Above Solartime executes By helping of Wolfcreek kernel code. Wolfcreek can able to load other Drivers user-mode applications using its self-Loading Driver capability.
According to CIA Document, Keystone is responsible for starting user applications. Any application started by MW is done without the implant ever being dropped to the file system. In other words, a process created and the implant is loaded directly into memory. Currently, all processes will be created as svchost.
BadMFS is a covert file system that helps to store all drivers and implants that Wolfcreek will start. It uses the encryption and obfuscation techniques to avoid string or PE header scanning.
Finally, a new method called Windows Transitory File system helps to install Angelfire. CIA Document says the system allows an operator to create transitory files for specific actions including installation, adding files to Angelfire, removing files from Angelfire.
Vault 7 Leaks: CIA Hacking Tool “CouchPotato” Remotely Capture Videos & Images -WikiLeaks
Vault 7 Leaks: CIA Cyber Weapon “Dumbo” Hack WebCams & Corrupt Video Recordings – WikiLeaks
Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks
OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks
Cybercriminals are increasingly exploiting search engine optimization (SEO) techniques and paid advertisements to manipulate search…
Cybersecurity experts have unearthed an intricate cyber campaign that leverages deceptive websites posing as the…
Hackers are exploiting what's known as "Dangling DNS" records to take over corporate subdomains, posing…
Security researchers and cybersecurity experts have recently uncovered new variants of the notorious HelloKitty ransomware,…
The RansomHub ransomware group has emerged as a significant danger, targeting a wide array of…
Threat actors are increasingly using email bombing to bypass security protocols and facilitate further malicious…