Wikileaks has published set of files dubbed “Angelfire” as a part of their Vault 7 project. The leak reveals a framework used by the CIA to infect machines using older versions of Windows operating systems, Windows XP or Windows 7. Indian organisations may be endangered due to high usage of old Windows OS.

Angelfire is a set of 5 tools named as Solartime, Wolfcreek, Keystone, BadMFS, and the Windows Transitory File system. SolarTime modifies the partition boot sector (The place in a hard drive that tells your computer where the operating system files are and how to execute them) of the system allowing CIA to inject code in even before the operating system boots up. This injected code further modifies the Windows processes which gives the CIA access to the hard drive every time a system starts up.

Wolfcreek is the injected code that is executed by Solartime. It is a self-loading master process that can be further used by the CIA to modify the machine’s processes and applications. Keystone is the framework that is used to load malicious code on the targeted systems without getting it anywhere near an antivirus solution. It injects the code can directly on the memory without even touching the file system making it completely untraceable.

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

BadMFS keeps a log of every malicious implant, drivers or executables activated by WolfCreek. Windows Transitory System is used by CIA to create files for specific actions including installation, adding files to Angelfire or removing files from Angelfire.

WikiLeaks Vault 7: CIA used Angelfire framework to infect Windows XP, Windows 7 to spy

Exclusive

AI Is the New Enterprise Operating System

Why Zero Trust could become India’s public sector tech backbone

Modernizing SAP and Oracle for the AI Era: What CIOs Must Do Differently Now

Why AI Coding Tools Need Guardrails, Not Just Good Prompts

ALSO READ

Organised fraud rings targeting e-commerce platforms, says study

Why cybersecurity is no longer an IT issue but the price of digital life

How can the public sector improve its cybersecurity systems?

Infosec Reimagined 2025: CISOs to chart AI-driven cybersecurity strategies for enterprises and public sector

Bitcoin as balance sheet strategy: Hive CFO Darcy Daubaras

Latest in TECH

AI literacy key to secure digital governance: Awanish Kumar Awasthi

BHASHINI launches VYOMA Challenge with ₹80 lakh prize for offline AI solutions

Centre launches Samadhan Didi voice chatbot for multilingual grievance filing

India’s Digital Health ID Scheme Crosses 90 Crore Registrations

Digi Yatra crosses 10 crore uses as govt plans expansion to 65 airports

RELATED ARTICLES

ABOUT US

TOPICS

BRAND SOLUTIONS

Headlines in Your Inbox

Comments

WikiLeaks Vault 7: CIA used Angelfire framework to infect Windows XP, Windows 7 to spy

Get the day's headlines from Tech Observer straight in your inbox

Subscribe to our Newsletter

RELATED ARTICLES

Comments