Angelfire project used by the CIA against Windows XP and 7

Aug 31, 2017 11:28 GMT  ·  By

WikiLeaks has just revealed another secret CIA project used to compromise Windows systems, this time by targeting the operating system's boot sector and then using that foothold to deploy further payloads.

Codenamed project Angelfire, the hacking tools were aimed at Windows XP and Windows 7 and consisted of 5 different tools that worked together to compromise a system.

The first is Solartime, a malware component whose primary goal is to modify the boot sector so that it loads a second module, Wolfcreek, a set of drivers that can in turn load other payloads such as drivers and applications.

A third component, Keystone, was the one the CIA used to deploy additional malware on infected systems, while the fourth, BadMFS, was a file system that stored all the other components in encrypted and obfuscated form.

The last one is the Windows Transitory File System, which WikiLeaks says was designed as an alternative to BadMFS: it used temporary files instead of relying on a file system that stored information locally.

Known issues disclosing the malware

WikiLeaks explains that, despite its complex components, Angelfire could be discovered rather easily because of a series of issues that even the CIA acknowledged in the leaked manuals.

For example, Keystone disguised itself as a copy of svchost.exe and was always located in C:\Windows\system32, so if the operating system was installed on a different partition or in a different location, the process could have attracted further analysis.

Additionally, the BadMFS file system created a file called zf, which users might have come across while working on their systems. Last but not least, the CIA warned that a crash of any of the aforementioned components would have triggered visible notifications.
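The two indicators described above translate directly into a host check. The PowerShell below is an added example, not part of the article or the leaked documents: it flags svchost.exe processes that do not run from the real %SystemRoot% (which is how a Keystone copy hard-coded to C:\Windows\system32 would stand out on a non-default install) and looks for a file literally named zf. The article does not say where BadMFS wrote that file, so searching the Windows directory is an assumption.

```powershell
function Find-AngelfireIndicators {
    # Genuine Service Host binaries live under the running system's
    # SystemRoot; SysWOW64 is included so 32-bit service hosts are not
    # reported as false positives.
    $allowed = @('System32', 'SysWOW64') |
        ForEach-Object { Join-Path $env:SystemRoot "$_\svchost.exe" }

    # Indicator 1: svchost.exe running from anywhere else. A Keystone copy
    # hard-coded to C:\Windows\system32 differs from $allowed whenever
    # Windows is installed on another drive or directory. Comparison is
    # case-insensitive, as PowerShell's -contains is by default.
    Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'" |
        ForEach-Object {
            $path = $_.ExecutablePath   # $null when access is denied
            if ($path -and ($allowed -notcontains $path)) {
                [pscustomobject]@{
                    Indicator = 'svchost.exe outside %SystemRoot%'
                    ProcessId = $_.ProcessId
                    ParentPid = $_.ParentProcessId
                    Path      = $path
                }
            }
        }

    # Indicator 2: a file named exactly "zf" (no extension). Searching
    # $env:SystemRoot is an assumption; the article gives no location.
    Get-ChildItem -Path $env:SystemRoot -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -eq 'zf' } |
        ForEach-Object {
            [pscustomobject]@{
                Indicator = 'file named zf (possible BadMFS artefact)'
                ProcessId = $null
                ParentPid = $null
                Path      = $_.FullName
            }
        }
}

# Run from an elevated prompt so ExecutablePath is readable for all processes.
Find-AngelfireIndicators | Format-Table -AutoSize
```

A hit on either indicator is a lead for triage, not proof of compromise; the ParentPid column lets an analyst confirm whether a flagged svchost.exe was started by services.exe as a genuine one would be.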

The documents aren't dated, but since Angelfire was aimed specifically at Windows 7 and Windows XP, there's a chance the project was developed before the debut of Windows 8 in 2012.