Documents show the CIA developed Windows malware that was undetectable by antivirus software running on the PC

Apr 7, 2017 12:41 GMT  ·  By

WikiLeaks today published Vault 7 “Grasshopper,” a new series of documents revealing malware developed by the CIA to break into Windows systems and bypass antivirus protection.

The 27 documents are said to come from the so-called CIA Grasshopper framework, a platform that was flagged as “secret” by the agency and which was supposed to be available only to members of the CIA.

Malware undetectable by antivirus software

The leak shows how the CIA created a cyber-espionage solution “to maintain persistence over infected Microsoft Windows computers,” WikiLeaks says, adding that the malware was designed from the very beginning to go undetected even by the world’s leading antivirus software such as Kaspersky and Symantec. Microsoft’s Windows Defender couldn’t detect it either.

The documents reveal internal guidelines used by the CIA to assist operators as they build payloads that collect information on target Windows systems, such as the version of the operating system and the installed security products.

“An operator uses Grasshopper to build a custom installation executable, execute that installation executable on a target computer, and (optionally) decode the results of that execution,” one of the documents reads.

Modified malware created by hackers

A separate section in today’s leak points to what is called Stolen Goods (Version 2), which consists of malware developed by cybercriminals around the world and modified by the CIA to go after its own targets. One such family is Carberp, the documents indicate, which was created by hackers believed to be based in Russia.

“The persistence method, and parts of the installer, were taken and modified to fit our need. A vast majority of the original Carberp code that was used has been heavily modified. Very few pieces of the original code exist unmodified,” it’s mentioned in today’s leak.

WikiLeaks says the CIA toolset was in use between 2012 and 2015 and received several updates as further improvements were developed and new guides were added.

“It is CIA’s job to be innovative”

The CIA has already responded with a statement denying all these accusations, saying that the agency has “no comment on the authenticity of the purported documents.”

“The American public should be deeply troubled by any Wikileaks disclosure designed to damage the Intelligence Community’s ability to protect America against terrorists and other adversaries. Such disclosures not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm,” the agency said.