On Friday, WikiLeaks released the latest in its series of #Vault leaks, describing malware that provides remote beacon and loader capabilities on target computers running several Microsoft Windows operating systems. The five released documents carry the codename “Athena.”
The operating systems which can be targeted are: Windows XP Pro SP3 32-bit, Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10.
Once Athena is installed on a target computer, it will use a listening post to receive beacons from the operator, allowing it to give a signal and trigger additional malware payloads undetected on the target computer.
One document in the leak also says that Athena “hijacks” the DNSCACHE, a temporary database maintained by the operating system to record internet traffic on the computer, in order to hide its presence. The command module for Athena would load only during a signal, and it is destroyed once it completes.
According to the leaked documents, the CIA cooperated with the private cybersecurity firm Siege Technologies to develop the Athena malware. Siege Technologies founder Jason Syversen, who has a background in cryptography and hacking, said he set out to create the equivalent of the military’s so-called probability of kill metric, a statistical analysis of whether an attack is likely to succeed.
Syversen said he is also more comfortable working on electronic warfare, noting that it is a little different from bombs and nuclear weapons, and adding that he thinks the latter is a morally complex field to be in. He argued that with electronic warfare, instead of bombing things and causing collateral damage, civilian casualties can really be reduced. He said this translates to a “win for everybody.”
WikiLeaks also described Siege Technologies as a “self-proclaimed cyber security company”. It is based in New Hampshire.