WikiLeaks Vault 7: CIA used Angelfire framework to infect Windows XP, Windows 7 to spy

WikiLeaks has published a set of files dubbed “Angelfire” as part of its Vault 7 project. The leak reveals a framework used by the CIA to infect machines running older versions of the Windows operating system, Windows XP or Windows 7.


Indian organisations may be endangered due to their high usage of old Windows OS versions.

Angelfire is a set of 5 tools: Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system. Solartime modifies the system's partition boot sector (the place on a hard drive that tells your computer where the operating system files are and how to execute them), allowing the CIA to inject code even before the operating system boots up. This injected code further modifies Windows processes, which gives the CIA access to the hard drive every time the system starts up.
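A defender's check for the kind of boot-sector change described above, as an added example that is not part of the original article or the leaked files: it parses the first sector of an NTFS volume, hashes its bootstrap code region and compares the result with a baseline taken from a known-good machine. The function names and the sample sector are constructed for illustration, and only the first 512-byte sector is covered; the NTFS boot area continues in the following sectors, which a fuller check would also hash.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE = slice(0x54, 0x1FE)  # NTFS bootstrap code region in sector 0
CHECKED = ("jump", "oem_id", "bytes_per_sector",
           "sectors_per_cluster", "boot_code_sha256")

def parse_vbr(sector: bytes) -> dict:
    """Extract the fields of an NTFS volume boot record worth baselining."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    bytes_per_sector, sectors_per_cluster = struct.unpack_from("<HB", sector, 0x0B)
    return {
        "jump": sector[0:3].hex(),  # jump instruction into the boot code
        "oem_id": sector[3:11].decode("ascii", "replace"),
        "bytes_per_sector": bytes_per_sector,
        "sectors_per_cluster": sectors_per_cluster,
        "signature_ok": sector[0x1FE:0x200] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
    }

def compare_to_baseline(sector: bytes, baseline: dict) -> list:
    """Return human-readable findings; an empty list means no drift."""
    current = parse_vbr(sector)
    findings = []
    if not current["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    for key in CHECKED:
        if current[key] != baseline[key]:
            findings.append(f"{key} changed: {baseline[key]} -> {current[key]}")
    return findings

def make_sample_vbr(boot_code: bytes) -> bytes:
    """Build a constructed NTFS-style sector (sample data, not a real dump)."""
    s = bytearray(SECTOR)
    s[0:3] = b"\xeb\x52\x90"
    s[3:11] = b"NTFS    "
    struct.pack_into("<HB", s, 0x0B, 512, 8)
    s[0x54:0x54 + len(boot_code)] = boot_code
    s[0x1FE:0x200] = b"\x55\xaa"
    return bytes(s)

if __name__ == "__main__":
    good = make_sample_vbr(b"\x90" * 16)
    baseline = parse_vbr(good)
    changed = bytearray(good)
    changed[0x60] ^= 0xFF  # simulate one altered byte of boot code
    for finding in compare_to_baseline(bytes(changed), baseline):
        print(finding)
```

In practice the sector would come from a forensic image or an offline read of the volume, since code that runs before the operating system can interfere with reads made from the live system.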

Wolfcreek is the injected code that is executed by Solartime. It is a self-loading master process that the CIA can then use to modify the machine’s processes and applications. Keystone is the framework used to load malicious code on targeted systems without getting it anywhere near an antivirus solution. It injects the code directly into memory without even touching the file system, making it completely untraceable.

BadMFS keeps a log of every malicious implant, driver or executable activated by Wolfcreek. The Windows Transitory File system is used by the CIA to create files for specific actions, including installation, adding files to Angelfire or removing files from Angelfire.
