Tuesday, October 8, 2024
HomeSecurity NewsVault 8 Leaks: Wikileaks Revealed CIA's Secret Malware Control System called "Hive"...

Vault 8 Leaks: Wikileaks Revealed CIA’s Secret Malware Control System called “Hive” Source Code

Published on

Wikileaks revealed a source code for CIA’s Malware control system called Hive which is used by CIA to control their Malware’s that is running on the target systems.

They announced vault 8 for covering source code and development logs for tools that were described in vault 7 series.

Hive is the most Sophisticated CIA’s infrastructure that helps to solve the critical problems for Malware operators who is working behalf of CIA.

- Advertisement - EHA

An example scenario that, suppose a sophisticated CIA Malware has been discovered on the target computer by an Antivirus security researchers or victims, they can’t able find the original servers by just looking at the communication of the malware which is operating by CIA.

Also Read:  Vault 7 Leaks: CIA Tool “Protego” Used to Control Missile System and to Launching Missiles- WikiLeaks

Also, Hive solves the most critical problems even if you place a sophisticated malware on victim computer it is useless if there is no way to establish communication with its C&C server.

This Month April WikiLeaks Published the Hive related Document in Vault 7 Leaks series.

Wikileaks Published this complete document for better understanding and information about the CIA’s sophisticated covert channel for investigative journalists, forensic experts, and general Public.

Hive Provide covert communications to CIA operators that enable a whole range of CIA malware to send exfiltrated information to CIA and also receive the new Instruction from CIA malware operator.

The files in this code repository were created between August 2013 and October 2015, but the development of Hive started much earlier.

You can Download the Leaked Source code for the Hive  – Download

CIA Operation using Hive

Hive infrastructure is capable of performing multiple operations in target systems using multiple implants.

In this case, at least one cover domain has been used for each operation that was anonymously registered.

Also, a VPS (virtual private server) is using the operation domain is rented from commercial hosting providers and its software is customized according to CIA specifications. 

Accorinding to WikiLeaks, These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a “hidden” CIA server called ‘Blot’.

This Domain is delivering normal content to the public and if anyone visits the website then it seems like a normal domain.

Since Hive using uncommon Optional Client Authentication so that the user browsing the website is not required to authenticate.But implant that talking to Hive from Users side does authenticate themselves.

“Later Traffic from implants is sent to an implant operator management gateway called Honeycomb  while all other traffic goes to a cover server that delivers the in suspicious content for all other users”

So CIA’identitieses will impersonate and CIA exfiltration of data will not be identifiedd by target organization that looks at the network traffic coming out of its network.

Previous CIA Leaked Tools – Vault 7

Vault 7 Leaks: CIA Tool “Protego” Used to Control Missile System and to Launching Missiles- WikiLeaks

Vault 7 Leaks: CIA Hacking Tool “Angelfire” Secret Document Revealed to Compromise Windows OS – WikiLeaks

Vault 7 Leaks: CIA Conducts Secret Cyber Operation “ExpressLane” Against Their Intelligence Partners -WikiLeaks

Vault 7 Leaks: CIA Hacking Tool “CouchPotato” Remotely Capture Videos & Images -WikiLeaks

Vault 7 Leaks: CIA Cyber Weapon “Dumbo” Hack WebCams & Corrupt Video Recordings –

 Vault 7 Leaks: CIA Hacking Tools “Achilles, Aeris, SeaPea” Revealed to Hack Mac and Linux OS -WikiLeaks

Raytheon – Vault 7 Leaks: CIA Owned PoC Malware Development Surveillance Projects “UCL Under Raytheon” Leaked

 

HighRise – Vault 7 Leaks: CIA Android Ha Vault 7 Leaks: CIA Hacking Tools “Achilles, Aeris, SeaPea” Revealed to Hack Mac and Linux OS -WikiLeaks

Hacking Tool “HighRise” Steals Data From Compromised Android Phones via SMS – WikiLeaks

Gyrfalcon –  Vault 7 Leaks: CIA Cyber Weapon “BothanSpy” and “Gyrfalcon” Steals SSH Credentials From Windows and Linux Computers – WikiLeaks

OutlawCountry – Vault 7 Leaks: CIA Malware “OutlawCountry” Controls Linux Machine and Redirect the Victims Traffic into CIA Controlled Machine – WikiLeaks

ELSA – Vault 7 Leaks: CIA Malware “ELSA” Tracking Geo-Location of WiFi Enabled Windows Computers – WikiLeaks

Brutal Kangaroo – CIA Hacking Tool “Brutal Kangaroo” Revealed to Hack Air-Gapped Networks by using USB Thumb Drives -WikiLeaks CherryBlossom –  Wikileaks

Revealed New CIA Wireless Hacking Tool “Cherry Blossom” Compromise Your Wireless Network Devices using MITM Attack

Pandemic –  New CIA Cyberweapon Malware “Pandemic” installed in Victims Machine and Replaced Target files where remote users use SMB to Download

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Gained Unauthorized Network Access to Casio Networks

Casio Computer Co., Ltd. has confirmed that a third party illegally accessed its network...

Open-Source Scanner Released to Detect CUPS Vulnerability

A new open-source scanner has been released to detect a critical vulnerability in the...

Comcast Cyber Attack Impacts 237,000+ Users Personal Data

Comcast Cable Communications LLC has reported that over 237,000 users' data has been compromised....

American Water Works Cyber Attack Impacts IT Systems

American Water Works Company, Inc., a leading provider of water and wastewater services, announced...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Critical PDF.js & React-PDF Vulnerabilities Threaten Millions Of PDF Users

A new critical vulnerability has been discovered in PDF.js, which could allow a threat...

LayerX Security Raises $26M for its Browser Security Platform, Enabling Employees to Work Securely From Any Browser, Anywhere

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series...

Email Header Analysis – Verify Received Email is Genuine or Spoofed

Email Header Analysis highly required process to prevent malicious threats since Email is...