Overview of the CIA's hacking tools and frameworks



It sounds like an action film: a man plugs a memory stick into a computer to steal confidential information or to get remote access to computers and databases. But intelligence services do seem to work like this. It's not just fiction; in the real world, hackers develop hacking tools and malware frameworks to fight terrorism and crime.

This week I'm going to give an overview of the latest hacking tools and malware frameworks developed by the CIA and published by WikiLeaks in the Vault 7 series. I think all of these tools and frameworks are worth knowing about if you want to understand how intelligence services work:

Pandemic: This malware sits on a Microsoft Windows file server and replaces genuine files with trojaned versions on the fly as they are served over the LAN (SMB), so that machines fetching those files are infected. The file stored on the server's disk is not modified, which is why a defender should compare the hash of a file as received over the share against its hash on the server's disk rather than only scanning the server.

Athena: This is another implant for Microsoft Windows. It can retrieve files from and send files to the target system, and it can load and unload malicious payloads in memory.

AfterMidnight: This is a malware framework for Microsoft Windows in which the implant fetches payloads (called Gremlins) from its C&C server over HTTPS and runs them on the infected machine.

Archimedes: This is Microsoft Windows malware that turns an infected machine into a pivot on the LAN: it performs man-in-the-middle attacks against other hosts to monitor and log their HTTP requests, and it can redirect those requests to a destination of the attacker's choosing.

Scribbles: This is an interesting project for watermarking documents so that the CIA can track who has opened, copied or modified confidential or secret information. It was made to identify insiders and whistleblowers.
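
To make the idea behind Scribbles concrete, here is an added example of per-recipient document watermarking. It is my own illustration, not CIA code and not taken from the leaked material: each recipient gets a copy carrying an HMAC-derived tag, both as a hidden marker in the text and in a beacon URL that a viewer fetches when the copy is opened, and a leaked copy or a beacon-server log line can then be attributed to one recipient. The beacon host, the document text, the log line and the way the tag is embedded are all assumptions made for the demo.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass

# Constructed sample document text for the demo (not a real document).
SAMPLE_DOC = "Quarterly briefing\nProject status and next steps.\n"

# Hypothetical beacon host the watermark points at (assumption, not from the page).
BEACON_HOST = "docs-cdn.example.invalid"


@dataclass
class MarkedCopy:
    recipient: str
    tag: str
    text: str
    beacon_url: str


def make_tag(key: bytes, doc_id: str, recipient: str) -> str:
    """Derive a per-recipient tag with an HMAC, so that nobody without the key
    can craft a tag that points the investigation at somebody else."""
    msg = f"{doc_id}|{recipient}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:16]


def issue_copies(key: bytes, doc_id: str, text: str, recipients):
    """Produce one distinct copy per recipient. Each copy carries its tag twice:
    in a hidden marker (survives copy/paste) and in a beacon URL that a viewer
    fetches when the document is opened, so the beacon server logs who opened it."""
    copies = {}
    for recipient in recipients:
        tag = make_tag(key, doc_id, recipient)
        beacon_url = f"https://{BEACON_HOST}/t/{tag}"
        marked = text + f'<!-- ref:{tag} -->\n<img src="{beacon_url}">\n'
        copies[recipient] = MarkedCopy(recipient, tag, marked, beacon_url)
    return copies


# Matches the tag either in a leaked copy ("ref:<tag>") or in a beacon-server
# log line ("GET /t/<tag>").
TAG_RE = re.compile(r"(?:ref:|/t/)([0-9a-f]{16})")


def attribute(key: bytes, doc_id: str, recipients, artifact: str):
    """Name the recipient whose tag appears in a leaked copy or a beacon log line.
    Tags are recomputed from the key rather than looked up in a table, so an
    edited or forged tag matches nobody and the function returns None."""
    match = TAG_RE.search(artifact)
    if not match:
        return None
    found = match.group(1)
    for recipient in recipients:
        if hmac.compare_digest(make_tag(key, doc_id, recipient), found):
            return recipient
    return None


if __name__ == "__main__":
    key = b"constructed-demo-key"
    recipients = ["alice", "bob", "carol"]
    copies = issue_copies(key, "brief-2017-04", SAMPLE_DOC, recipients)
    leaked = copies["bob"].text
    print(attribute(key, "brief-2017-04", recipients, leaked))
    # Constructed beacon-server log line, as if carol opened her copy.
    log_line = (f'203.0.113.7 - [28/Apr/2017:10:22:01 +0000] '
                f'"GET /t/{copies["carol"].tag} HTTP/1.1" 200')
    print(attribute(key, "brief-2017-04", recipients, log_line))
```

The HMAC matters: if the tag were just a random identifier stored in a table, an insider who learned the table could plant a colleague's tag in a copy before leaking it. Recomputing the tag from a secret key means a tag that was tampered with simply matches nobody.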

Weeping Angel: This is a powerful tool for Samsung Smart TVs. It puts the TV into a fake-off state, turns on the built-in microphone to record the audio in the room and sends the recordings to a remote server.

HIVE: This is a project to design and configure the back-end infrastructure that hides the real communication between infected systems and their C&C servers, so that implant traffic appears to go to innocuous cover domains.

Grasshopper Framework: This is a framework for building Windows malware easily from ready-made modules (installers, persistence mechanisms and payloads), so an operator can assemble an implant without deep knowledge of malware development. It sounds great, but it's only for CIA operators.

Marble Framework: This is an obfuscation framework the CIA uses to hide the text strings in its malware and to insert fragments in other languages, such as Chinese, Russian or Korean, with the aim of hampering forensic investigators and antivirus companies from attributing viruses, trojans and hacking attacks to the CIA. The lesson for analysts is that the language of the strings embedded in a sample is a weak attribution signal on its own.
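
As an added example (my own code, not Marble and not derived from the leaked framework), the block below shows why a string-language heuristic is so easy to fool. The real implant strings are hidden with a single-byte XOR, which stands in for Marble's string obfuscation, and foreign-language decoys are left in the clear. A naive "strings"-style script vote then attributes the blob to Cyrillic, while undoing the obfuscation recovers the real strings and discards the decoys. The strings, the decoys, the XOR key and the NUL-separated layout are all assumptions constructed for the demo.

```python
import collections

# Constructed strings as an analyst might see them in an implant (not CIA code).
REAL_STRINGS = [
    "Failed to open registry key",
    "upload complete",
    "C:\\Windows\\Temp\\svc.log",
]

# Constructed foreign-language decoys, standing in for the fragments the
# page says Marble can insert.
DECOYS = [
    "Ошибка открытия файла",   # Russian
    "连接服务器失败",             # Chinese
    "파일을 찾을 수 없습니다",     # Korean
]

XOR_KEY = 0xFF  # assumed single-byte key; a stand-in for real string hiding


def obfuscate(s: str, key: int = XOR_KEY) -> bytes:
    """Single-byte XOR over the UTF-8 bytes of a string."""
    return bytes(b ^ key for b in s.encode("utf-8"))


def build_blob(real, decoys, key=XOR_KEY) -> bytes:
    """Lay the strings out NUL-separated, like a string table in a binary.
    With key=None the real strings stay in the clear (the unprotected build);
    otherwise they are obfuscated and only the decoys remain readable."""
    if key is None:
        parts = [s.encode("utf-8") for s in real]
    else:
        parts = [obfuscate(s, key) for s in real]
    parts += [d.encode("utf-8") for d in decoys]
    return b"\x00".join(parts)


def script_of(ch: str):
    """Rough script classification by Unicode block."""
    cp = ord(ch)
    if 0x0400 <= cp <= 0x04FF:
        return "cyrillic"
    if 0x4E00 <= cp <= 0x9FFF:
        return "han"
    if 0xAC00 <= cp <= 0xD7A3:
        return "hangul"
    if ch.isascii() and ch.isalpha():
        return "latin"
    return None


def naive_attribution(blob: bytes):
    """A 'strings'-style heuristic: keep NUL-separated segments that decode as
    UTF-8, count letters per script and vote. This is the signal Marble targets."""
    counts = collections.Counter()
    for segment in blob.split(b"\x00"):
        try:
            text = segment.decode("utf-8")
        except UnicodeDecodeError:
            continue  # obfuscated bytes are not valid UTF-8 and get dropped
        for ch in text:
            script = script_of(ch)
            if script:
                counts[script] += 1
    return counts.most_common(1)[0][0] if counts else None


def recover_strings(blob: bytes, key: int = XOR_KEY):
    """What an analyst should do instead: undo the obfuscation and keep the
    segments that become printable ASCII. The decoys do not survive this
    (their bytes XOR into control or non-ASCII bytes); the real strings do."""
    out = []
    for segment in blob.split(b"\x00"):
        decoded = bytes(b ^ key for b in segment)
        if decoded and all(0x20 <= b <= 0x7E for b in decoded):
            out.append(decoded.decode("ascii"))
    return out


if __name__ == "__main__":
    print(naive_attribution(build_blob(REAL_STRINGS, DECOYS, key=None)))  # latin
    print(naive_attribution(build_blob(REAL_STRINGS, DECOYS)))            # cyrillic
    print(recover_strings(build_blob(REAL_STRINGS, DECOYS)))
```

Real obfuscators are more elaborate than a single XOR, but the shape of the problem is the same: any attribution based on what is readable in the binary measures what the author wanted you to read. Recovered strings, code reuse, infrastructure and tradecraft together carry far more weight than the language of a few decoy fragments.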

Dark Matter: This is a set of projects to infect Apple devices such as Macs and iPhones. Some of the implants persist in the EFI firmware as well as in kernel space and user space, so they even survive reinstalling the operating system.

These are only some of the hacking tools and malware frameworks published so far. I'm sure we are going to see more of this stuff soon.

Regards, my friends. Enjoy and profit!!
