At the end of May, WikiLeaks published another edition of the Vault 7 series of leaks from the CIA, which expose how the CIA can hack Windows users. Earlier in May, WikiLeaks published leaks on the CIA's “AfterMidnight” and “Assassin” malware for Windows. The new leak details the malware called Athena and Hera. The CIA developed the malware for Windows with a private corporation named Siege Technologies. Last year, Siege Technologies was bought by Nehemiah Security. Hera is the extended version of Athena and is also referred to as Athena-Bravo. Athena implements TEA encryption, while Hera implements AES encryption.
Siege Technologies develops a kill metric for the government's cyber weapons, which analyses how effective such weapons are when they are deployed. According to an article contained in an e-mail published by WikiLeaks, the founder of Siege Technologies, Jason Syversen, said, “I feel more comfortable operating on electronic warfare. It’s a little strange than bombs and nuclear weapons – that’s a morally complex field to be in. Now instead of destroying things and having collateral damage, you can reduce civilian casualties, which is a win for everybody.” The website of Siege Technologies states that the company aims at supporting offensive cyber war techniques and methodologies to improve predictive cyber security answers for insurance, government and other markets.
The CIA's Athena and Hera work on 32-bit and 64-bit versions of Windows. On older versions of Windows, the malware uses the Remote Access service with the help of the IP support DLL iprtrmgr.dll. The Athena installer enables the Remote Access service, which Windows disables by default. On Windows 7, 8, 2008 Server, 2012 Server, and 10, it uses the Dnscache service with the help of the DLL dnsext.dll. By hijacking Dnscache, Hera can “obfuscate its persistence.” The malware has limited access on systems running Windows 8.1 or Windows 10 until Windows is restarted.
The malware can also work in offline mode. It is implanted via remote access, by affecting the supply chain, with the support of a CIA asset, or with the CIA's index tool. Once the malware has infected the target, the infected computer communicates with the C&C server. Once the CIA has compromised the target, it gains remote access and is then able to exfiltrate data from the target. Additional payloads can also be delivered to the targeted computer from the C&C server. By January 19th of last year, Siege Technologies had carried out a long-run test of Athena and delivered its first release candidate of Athena.
The publication of the Athena and Hera malware documents marked the ninth release in WikiLeaks' Vault 7 series, and for the past few months it has released a new set of Vault 7 leaks. WikiLeaks is expected to continue publishing more documents from the CIA in the upcoming weeks.