Brutal Kangaroo: How CIA Hacked Offline Computers Using Infected USB Drives


cia kangaroo
Brutal Kangaroo is the latest addition to the ongoing WikiLeaks Vault 7 leaks. The documents published earlier this week show how the CIA reached offline, air-gapped computers by way of infected USB drives. Brutal Kangaroo is a suite of four tools that work together, and it relies on a Windows vulnerability to get onto the air-gapped machines.
Earlier this month, we covered the previous release in the Vault 7 series, CherryBlossom: modified firmware for wireless routers and access points that lets the CIA monitor and manipulate the traffic passing through them. Now WikiLeaks has published a new set of documents that further shed light on the CIA's hacking operations.
The latest documents are 150 pages in length, and they describe a CIA malware toolkit named Brutal Kangaroo for taking control of air-gapped computers by means of specially prepared USB drives. According to WikiLeaks, the components of Brutal Kangaroo build a covert network inside the target's closed network, over which tasks and collected data can be passed between infected machines.
It should be noted that Brutal Kangaroo has four chief components: Drifting Deadline (the thumb drive infection tool), Shattered Assurance (a server tool that automates the infection of thumb drives), Broken Promise (a postprocessor that evaluates the collected information) and Shadow (the primary persistence mechanism).

Image: WikiLeaks

Brutal Kangaroo infects USB thumb drives by exploiting a Windows flaw that is triggered by hand-crafted link (.lnk) files: when the drive is browsed in Windows Explorer, the shortcuts cause a DLL to be loaded and executed with no user interaction. The drive is first infected on an internet-connected computer inside the target organization (the documents call it the primary host). When a user later plugs that drive into a target computer on the closed network (the documents list Windows 7 with .NET 4.5), the payload prepared by the Drifting Deadline component is deployed there.
Once inside, Shadow provides persistence and, where several machines on the closed network are compromised, links them into a covert command-and-control network. Data gathered from the air-gapped machines is carried back out and evaluated by the Broken Promise postprocessor.
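The practical question for a defender is how to check a thumb drive before it crosses into a protected network. The script below is an added example written for this article; it is not code from the WikiLeaks documents or from any CIA tool. It parses the Windows Shell Link (.lnk) binary format far enough to read the shortcut's target strings and its raw item ID list, then applies generic heuristics that are our own assumptions about what a planted shortcut may look like (a target or argument string naming a DLL, a rundll32/regsvr32 launcher, an icon loaded from a DLL on the drive itself, or a DLL path embedded in the item ID list), not signatures for Brutal Kangaroo. The sample .lnk blobs are constructed in code; the `~tmp\loader.dll` name is hypothetical.

```python
"""Heuristic scan of Windows shortcut (.lnk, MS-SHLLINK) files on a removable drive.

Added example: generic checks for shortcuts that reference a DLL, not a signature
for any specific CIA tool. The sample shortcuts below are constructed in code.
"""
import struct
import tempfile
from pathlib import Path

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_ID_LIST, HAS_LINK_INFO, IS_UNICODE = 0x01, 0x02, 0x80
# StringData fields in the order the format stores them, with their LinkFlags bit.
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]


def parse_lnk(data: bytes) -> dict:
    """Parse the header, raw item ID list and StringData of a Shell Link; skip LinkInfo."""
    if len(data) < 76 or struct.unpack_from("<I", data, 0)[0] != 0x4C or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    info = {"flags": flags, "id_list": b""}
    pos = 76
    if flags & HAS_ID_LIST:                       # IDListSize (uint16) + item IDs + 2-byte terminator
        size = struct.unpack_from("<H", data, pos)[0]
        info["id_list"] = data[pos + 2:pos + 2 + size]
        pos += 2 + size
    if flags & HAS_LINK_INFO:                     # LinkInfoSize (uint32) counts the whole structure
        pos += struct.unpack_from("<I", data, pos)[0]
    for bit, key in STRING_FIELDS:                # CountCharacters (uint16) then the characters
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = data[pos:pos + count * width]
            info[key] = raw.decode("utf-16-le" if width == 2 else "cp1252", "replace")
            pos += count * width
    return info


def lnk_findings(info: dict) -> list:
    """Generic red flags for a shortcut found on removable media (assumed heuristics)."""
    findings = []
    launch = " ".join(info.get(k, "") for k in ("relative_path", "working_dir", "arguments")).lower()
    if ".dll" in launch:
        findings.append("target or arguments reference a DLL")
    if "rundll32" in launch or "regsvr32" in launch:
        findings.append("shortcut launches a DLL host (rundll32/regsvr32)")
    icon = info.get("icon_location", "")
    # System icons live under %SystemRoot% or an absolute path; a drive-relative DLL icon is odd.
    if ".dll" in icon.lower() and ":" not in icon and not icon.startswith("%"):
        findings.append("icon is loaded from a DLL on the drive itself")
    idl = info["id_list"].lower()
    if b".dll" in idl or ".dll".encode("utf-16-le") in idl:
        findings.append("item ID list embeds a DLL path")
    return findings


def scan_drive(root) -> dict:
    """Map every .lnk under root (a mounted drive) to its findings; files with none are omitted."""
    results = {}
    for path in Path(root).rglob("*.lnk"):
        try:
            findings = lnk_findings(parse_lnk(path.read_bytes()))
        except ValueError as exc:
            findings = [str(exc)]
        if findings:
            results[str(path)] = findings
    return results


def build_lnk(strings=None, id_list_items=()) -> bytes:
    """Assemble a minimal Unicode Shell Link (constructed sample data, not a real capture)."""
    strings = strings or {}
    flags = IS_UNICODE | (HAS_ID_LIST if id_list_items else 0)
    body = b""
    if id_list_items:
        items = b"".join(struct.pack("<H", len(i) + 2) + i for i in id_list_items) + b"\x00\x00"
        body += struct.pack("<H", len(items)) + items
    for bit, key in STRING_FIELDS:
        if key in strings:
            flags |= bit
            body += struct.pack("<H", len(strings[key])) + strings[key].encode("utf-16-le")
    header = struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags) + bytes(52)
    return header + body


# Constructed samples: one ordinary document shortcut, two that carry a hypothetical DLL reference.
SAMPLES = {
    "benign.lnk": build_lnk({"relative_path": r".\docs\report.pdf", "working_dir": r".\docs",
                             "icon_location": r"%SystemRoot%\system32\shell32.dll"}),
    "planted_idlist.lnk": build_lnk({"name": "Quarterly figures"},
                                    id_list_items=(b"\x1f" + bytes(15),
                                                   r"..\~tmp\loader.dll".encode("utf-16-le"))),
    "planted_args.lnk": build_lnk({"relative_path": r"..\Windows\System32\rundll32.exe",
                                   "arguments": r"..\~tmp\loader.dll,Run"}),
}


def demo() -> dict:
    """Write the samples into a temp dir standing in for a mounted drive and scan it."""
    with tempfile.TemporaryDirectory() as drive:
        for name, blob in SAMPLES.items():
            Path(drive, name).write_bytes(blob)
        return {Path(p).name: f for p, f in scan_drive(drive).items()}


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {'; '.join(findings)}")
```

Run it against a real drive with `scan_drive("E:\\")` on the machine where the drive is mounted; the heuristics deliberately leave the LinkInfo structure unparsed and do not follow the shortcut's actual target, so a hit is a reason to look at the file, not a verdict.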

Image: WikiLeaks

Through the Shadow component, Brutal Kangaroo also supports several infected machines on the same closed network, which can coordinate with one another. Taken together, the components form an effective toolkit for reaching air-gapped machines.
You can read Brutal Kangaroo’s user manual leaked by WikiLeaks here and get more information about the attack. Find our complete WikiLeaks Vault 7 coverage here.
