Tuesday 4 July 2017

Vault 7 Leaks CIA malware targets Linux machines


The CIA has developed strains of malware specifically designed to target Linux computers. The existence of the malware, known as OutlawCountry, was revealed by WikiLeaks. The leaked user manual — dated 04 June 2015 — details a kernel module for Linux 2.6 that allows CIA operatives to divert traffic from a Linux machine to a chosen destination. The Vault 7 leaks continue to flow thick and fast from WikiLeaks, shedding more and more light on the hacking and infiltration capabilities of the CIA.

With Linux-based operating systems usually lauded for their impenetrability, news of a possible chink in the armour will undoubtedly cause concern. With OutlawCountry, it seems the CIA was able to redirect network traffic from a target machine to an agency-controlled machine for infiltration. Shell access and root privileges are needed to install OutlawCountry, meaning CIA operatives must compromise machines via other means before deploying this malware strain.

OutlawCountry redirects outgoing Internet traffic:

OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA controlled machines for ex- and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even system administrator.

The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoor to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
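Because the manual describes the module as a hidden netfilter table carrying covert DNAT rules in PREROUTING, a defender's first check is to enumerate registered tables and inspect that chain. The script below is an added illustration, not code from the leaked manual or from this article; it assumes a stock CentOS/RHEL 6 host where only the standard tables are expected, and the sample dump is constructed, not a real capture.

```shell
#!/bin/sh
# Added defender-side check (not from the leaked manual or this article).
# 1) list netfilter tables beyond the stock set; 2) flag DNAT rules in
# PREROUTING, the only chain OutlawCountry v1.0 is said to add rules to.

# Tables present on a stock CentOS/RHEL 6 kernel (assumption: no custom
# tables are expected on this host).
KNOWN_TABLES="filter nat mangle raw security"

# Print every table name in the given file that is not in KNOWN_TABLES.
# The file has the format of /proc/net/ip_tables_names (one name per line).
unknown_tables() {
    while read -r name; do
        [ -z "$name" ] && continue
        case " $KNOWN_TABLES " in
            *" $name "*) ;;
            *) printf '%s\n' "$name" ;;
        esac
    done < "$1"
}

# Print DNAT rules attached to PREROUTING from an iptables-save style dump.
# Argument is a file name, or "-" to read the dump from standard input.
prerouting_dnat() {
    grep -E '^-A PREROUTING .*-j DNAT' -- "$1" || true
}

# Constructed sample in iptables-save format (not a real capture):
# one covert-looking DNAT rule plus an unrelated POSTROUTING rule.
SAMPLE_DUMP='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 192.0.2.10:443
-A POSTROUTING -j MASQUERADE
COMMIT'

# Stand-alone demonstration on the constructed sample.
demo() {
    printf '%s\n' "$SAMPLE_DUMP" | prerouting_dnat -
}

# Live use, meaningful only as root on a real host:
#   for t in $(unknown_tables /proc/net/ip_tables_names); do
#       iptables-save -t "$t" | prerouting_dnat -
#   done
```

Only the filter table is shown by a bare `iptables -L`, so an extra table name in `/proc/net/ip_tables_names` or a DNAT rule in PREROUTING of a table you did not create deserves investigation.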

Spying on Linux servers:

OutlawCountry can be used against both servers and ordinary desktops. Once a victim's traffic has been redirected to a CIA-controlled machine, the operator can sniff the victim's activity and use what is learned for further attacks, potentially compromising the victim's entire network. The damage is greater when the malware is deployed on a Linux server, because the traffic of every user passing through the compromised server can then be sniffed.

Below is a list of the most notable WikiLeaks "Vault 7" dumps:

- Weeping Angel - tool to hack Samsung smart TVs
- Fine Dining - a collection of fake, malware-laced apps
- Grasshopper - a builder for Windows malware
- DarkSeaSkies - tools for hacking iPhones and Macs
- Scribble - beaconing system for Office documents
- Archimedes - a tool for performing MitM attacks
- AfterMidnight and Assassin - malware frameworks for Windows
- Athena - a malware framework co-developed with a US company
- Pandemic - a tool for replacing legitimate files with malware
- CherryBlossom - a tool for hacking SOHO WiFi routers
- Brutal Kangaroo - a tool for hacking air-gapped networks
- ELSA - malware for geo-tracking Windows users
