Stories
Slash Boxes
Comments

SoylentNews is people

WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows

posted by Fnord666 on Sunday May 21 2017, @05:39AM   Printer-friendly
from the the-whole-pantheon dept.

MrPlow writes:

Submitted via IRC for TheMightyBuzzard

WikiLeaks has published a new batch of the ongoing Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.

Dubbed Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and send them to CIA server.

[...] According to the whistleblower organization, Athena has the ability to allow the CIA agents to modify its configuration in real time, while the implant is on target "to customize it to an operation."

"Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system," WikiLeaks claims.

The leaked documents suggest that Athena, written in Python programming language, was developed in August 2015, just a month after Microsoft released its Windows 10 operating system.

Interestingly, one document also suggests that the CIA agents have been advised to make sure that the spyware should not get caught by antivirus software programs, especially Kaspersky AV software.

Source: http://thehackernews.com/2017/05/athena-cia-windows-hacking.html

Original Submission

 
This discussion has been archived. No new comments can be posted.
WikiLeaks Reveals 'Athena' CIA Spying Program Targeting All Versions of Windows | Log In/Create an Account | Top | 18 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by Zyx Abacab on Sunday May 21 2017, @06:45AM (2 children)

    by Zyx Abacab (3701) on Sunday May 21 2017, @06:45AM (#512912)

    Athena, written in Python programming language

    Have we really passed into an age in which hackers are using an interpreted language for exploits? Good lord.

    Maybe it's just the wording. I mean, I guess that the payload could easily install an interpreter after it runs; and that it's the higher-level stuff that depends on Python.

    But I find it really hard to believe that any system-level malware could be written entirely in Python—especially for a platform that has never bundled a Python interpreter!

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Sunday May 21 2017, @10:32AM

    by Anonymous Coward on Sunday May 21 2017, @10:32AM (#512968)

    Why not? Most malware doesn't need to do a lot of low level stuff. And nowadays the average PC's bandwidth and CPU power is relatively high.

    In the old days a 5MB perl/python malware might be too huge, but nowadays many ad infested pages probably are close to 5MB if not larger.

    I would think it's easier to do polymorphic malware in an interpreted language - could more easily automate morphing it to pass AV scans. Think of Perl's TIMTOWTDI.

  • (Score: 2) by darkfeline on Monday May 22 2017, @05:06PM

    by darkfeline (1030) on Monday May 22 2017, @05:06PM (#513594) Homepage

    You're a few years late to the party. Someone who follows such communities more closely can elaborate, but I have heard of Python being used regularly for exploits at least two years ago.

    --
    Join the SDF Public Access UNIX System today!