Friday, August 19, 2022

WikiLeaks Vault 7: CIA used Angelfire framework to infect Windows XP, Windows 7 to spy

WikiLeaks has published a set of files dubbed “Angelfire” as part of its Vault 7 project. The leak reveals a framework used by the CIA to infect machines running older versions of the Windows operating system, Windows XP or Windows 7. Indian organisations may be at risk because of their high usage of older Windows versions.

Angelfire is a set of five tools: Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system. Solartime modifies the partition boot sector (the place on a hard drive that tells the computer where the operating system files are and how to execute them), allowing the CIA to inject code even before the operating system boots. This injected code further modifies Windows processes, which gives the CIA access to the hard drive every time the system starts up.
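A defender's view of the boot-sector tampering described above, as an added example that is not from the article or from the leaked files: it hashes the code areas of an NTFS partition boot sector and compares them with a known-good baseline. The sample sector is constructed, the function names are hypothetical, and only the first 512-byte sector is covered.

```python
import hashlib
import struct

SECTOR_SIZE = 512
CODE_START, CODE_END = 0x54, 0x1FE  # NTFS bootstrap code area in sector 0


def boot_code_digest(sector: bytes) -> str:
    """SHA-256 over the jump instruction and bootstrap code, skipping the BPB
    (volume size, serial number) so one baseline fits volumes of the same build."""
    return hashlib.sha256(sector[0:3] + sector[CODE_START:CODE_END]).hexdigest()


def check_boot_sector(sector: bytes, baseline_digest: str) -> list:
    """Return a list of findings; an empty list means the sector matches."""
    if len(sector) != SECTOR_SIZE:
        return ["short read: expected 512 bytes, got %d" % len(sector)]
    findings = []
    if sector[0x1FE:0x200] != b"\x55\xaa":
        findings.append("missing 0x55AA end-of-sector marker")
    if sector[3:11] != b"NTFS    ":
        findings.append("OEM ID is not NTFS")
    (bytes_per_sector,) = struct.unpack_from("<H", sector, 0x0B)
    if bytes_per_sector not in (512, 1024, 2048, 4096):
        findings.append("implausible bytes-per-sector: %d" % bytes_per_sector)
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    return findings


def make_sample_sector(code_fill: int = 0x90) -> bytes:
    """Constructed sample for the demo, not a real Windows boot sector."""
    s = bytearray(SECTOR_SIZE)
    s[0:3] = b"\xeb\x52\x90"            # jump over the BPB
    s[3:11] = b"NTFS    "               # OEM ID
    struct.pack_into("<H", s, 0x0B, 512)  # bytes per sector
    s[CODE_START:CODE_END] = bytes([code_fill]) * (CODE_END - CODE_START)
    s[0x1FE:0x200] = b"\x55\xaa"        # end-of-sector marker
    return bytes(s)


if __name__ == "__main__":
    clean = make_sample_sector()
    baseline = boot_code_digest(clean)   # recorded from a known-good image
    patched = bytearray(clean)
    patched[0x60] = 0xCC                 # one changed byte in the code area
    print("clean:  ", check_boot_sector(clean, baseline))
    print("patched:", check_boot_sector(bytes(patched), baseline))
```

A check like this is only trustworthy when the sector is read from an offline image or from a trusted boot environment, since code that runs before the operating system can influence what the running system reports.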

Wolfcreek is the injected code that is executed by Solartime. It is a self-loading master process that the CIA can use to modify the machine’s processes and applications. Keystone is the framework used to load malicious code on targeted systems without it getting anywhere near an antivirus solution. It injects the code directly into memory without touching the file system, making it completely untraceable.

BadMFS keeps a log of every malicious implant, driver or executable activated by Wolfcreek. The Windows Transitory File system is used by the CIA to create files for specific actions, including installation, adding files to Angelfire or removing files from Angelfire.
