The WikiLeaks whistleblowing platform released Thursday new documents from the Vault 7 series, which contain information on the tool which the CIA used to load and execute implants targeting computers using Microsoft Windows operating systems.
The WikiLeaks whistleblowing platform released Thursday new documents on the CIA tool called Angelfire. It is an implant comprising of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system, according to Wikileaks.
The CIA reportedly uses Angelfire to load and execute malicious user applications on target computers. One of tool’s components modifies the boot sector, allowing the implants to be downloaded simultaneously with Windows’ boot time device drivers. Loaded implants never touch the file system, so it is rather difficult to track the process.
“Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7),” the statement from Wikileaks reads.
WikiLeaks released the first batch from the Vault 7 project in March, containing a total of 8,761 documents. The latest release, dedicated to a CIA project allowing for the secret collection of biometric data from US liaison services, took place on August 24.