WikiLeaks’ Vault 8 Leaks Show CIA Impersonated Kaspersky Lab
WikiLeaks released the source code for Hive on Thursday, a CIA (Central Intelligence Agency) implant used to transfer exfiltrated information from target Windows machines.
The technical details for Hive were released back on April 14th, 2017 in the Vault 7 series of documents. The Vault 7 series was aimed at detailing the activities and hacking capabilities of the CIA for electronic surveillance and cyber warfare. During the series, WikiLeaks released technical details on 23 tools that were allegedly used by the agency to hack smart TVs, cars, web browsers, desktop operating systems (including Windows, Mac, and Linux), smartphone operating systems (including Android and iOS), VLC player, webcams, and microphones.
However, the latest release has been carried out under the code name Vault 8. The Vault 8 series will only expose source code for previously leaked implants.
“This publication will enable investigative journalists, forensic experts, and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said.
“Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention,” said the official press release.
Hive works as a communication tool between malware and “cover domains.” These domains seem harmless and “perfectly-boring-looking” to visitors; however, traffic from implants communicating with these domains is forwarded to an implant operator management gateway called Honeycomb. The collected data is then sent back to the CIA.
According to WikiLeaks, the CIA used fake certificates to impersonate existing entities, including Kaspersky Lab.
“The three examples included in the source code build a fake certificate for the anti-virus company Kaspersky Laboratory, Moscow pretending to be signed by Thawte Premium Server CA, Cape Town. In this way, if the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated,” noted WikiLeaks.
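The attribution problem WikiLeaks describes, as an added example that is not part of this article or of the Hive source: a Go program that asks not what a certificate's Issuer field says but whether the CA trusted under that name actually signed it. The CA, the keys and both certificates are constructed inside the program; the issuer and subject names follow the article's wording (“Thawte Premium Server CA, Cape Town” and “Kaspersky Laboratory, Moscow”) and are sample values, not real CA material.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Verdict is what the check reports for one leaf certificate.
type Verdict struct {
	ClaimedIssuer string // issuer name exactly as written in the certificate
	IssuerKnown   bool   // that name matches a CA in our trust store
	SignatureOK   bool   // the trusted CA's key really produced the signature
}

// Constructed sample names taken from the article's description; nothing here
// is real Thawte or Kaspersky material.
var (
	thawteName    = pkix.Name{CommonName: "Thawte Premium Server CA", Locality: []string{"Cape Town"}}
	kasperskyName = pkix.Name{CommonName: "Kaspersky Laboratory", Locality: []string{"Moscow"}}
)

// mustKey generates a fresh P-256 key pair (sample material).
func mustKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// mustCert signs tmpl with signer, taking the Issuer name from parent, and
// parses the result back so Raw* fields are populated.
func mustCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func leafTemplate(serial int64, subject pkix.Name) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      subject,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
}

// BuildScenario constructs a trusted CA, a genuine leaf it signed, and a fake
// leaf whose Issuer field copies the CA's name but whose signature comes from
// an unrelated key.
func BuildScenario() (trusted map[string]*x509.Certificate, genuine, fake *x509.Certificate) {
	caKey := mustKey()
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               thawteName,
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	ca := mustCert(caTmpl, caTmpl, &caKey.PublicKey, caKey)

	// Genuine leaf: issued and signed by the CA itself.
	leafKey := mustKey()
	genuine = mustCert(leafTemplate(2, kasperskyName), ca, &leafKey.PublicKey, caKey)

	// Fake leaf: the "parent" is only a name-bearing template, so the Issuer
	// field reads like the CA while the signing key is the impostor's own.
	impostorKey := mustKey()
	fakeParent := &x509.Certificate{Subject: thawteName}
	fake = mustCert(leafTemplate(3, kasperskyName), fakeParent, &impostorKey.PublicKey, impostorKey)

	// Trust store keyed by the DER-encoded subject, which is what chain
	// building compares against a leaf's DER-encoded issuer.
	trusted = map[string]*x509.Certificate{string(ca.RawSubject): ca}
	return trusted, genuine, fake
}

// CheckIssuer looks the claimed issuer up in the trust store and, if found,
// verifies the leaf's signature with that CA's public key.
func CheckIssuer(leaf *x509.Certificate, trusted map[string]*x509.Certificate) Verdict {
	v := Verdict{ClaimedIssuer: leaf.Issuer.String()}
	ca, ok := trusted[string(leaf.RawIssuer)]
	if !ok {
		return v
	}
	v.IssuerKnown = true
	v.SignatureOK = leaf.CheckSignatureFrom(ca) == nil
	return v
}

func main() {
	trusted, genuine, fake := BuildScenario()
	for _, c := range []struct {
		label string
		cert  *x509.Certificate
	}{{"genuine", genuine}, {"fake", fake}} {
		v := CheckIssuer(c.cert, trusted)
		fmt.Printf("%-8s issuer=%q known=%v signature_ok=%v\n", c.label, v.ClaimedIssuer, v.IssuerKnown, v.SignatureOK)
	}
}
```

Both certificates print the same ClaimedIssuer, which is all a sensor that logs the issuer string would see; only the signature check against the trust store separates them. That check is what a standard chain builder performs internally, so a gateway or proxy that records issuer names without validating chains is exactly the observer the quoted passage expects to be misled.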
Remember, the US government has banned Kaspersky Lab for its alleged links with Russia. However, after the release of Hive’s source code, it’s unclear if the CIA only impersonated Kaspersky Lab or also hacked its systems to frame the cybersecurity giant and bring Russia under fire.
Also, Israel played a vital role in hacking Kaspersky Lab. In October this year, it was reported that in 2015 Israeli spies managed to access Kaspersky’s backend systems and identified that Russian hackers were discreetly using the software both as a universal search engine and a spying tool.