Brutal Kangaroo- WikiLeaks Vault 7
June 23, 2017
Shah Sheikh (1294 articles)

Brutal Kangaroo- WikiLeaks Vault 7

Brutal Kangaroo, a tool suite developed by the Central Intelligence Agency (CIA) to infiltrate a closed network of computers within an organization without having any direct access to the network.

A closed network of computers consists of computers that are isolated from the internet and are considered to be the most secure computers on the planet.

The tool was reported by WikiLeaks as a part of their ongoing Vault 7 leak.

The Attack

The malware first infiltrates a computer that is connected to the internet on the targeted network and once having access to this, the malware is then installed. The other technique of infecting the computer would be through a user or an employee that could infect the network using/inserting an infected USB drive. After the drive has been plugged into the computer, a server tool (Shattered Assurance) on the drive affects it with a separate malware (Drifting Deadline). The Windows operating system has a flaw that allows the execution of programs (DLLs) without the consent of the user thus making sure that infected USB drive fulfills its job. Eventually the malware spreads on to the air-gapped computers through the infected drive. It starts collecting data from the infected system covertly.

Source: Kangaroo

More details on Vault 7: