Vault 7: "Archimedes": Malware Used To Hack Local Area Networks

in #news, 7 years ago (edited)

I am going to break down what you need to know in a quick, concise summary. If you want to know more of the details, read on into the Details section.


What You Need To Know

Today, May 5, 2017, Wikileaks released the 7th Vault 7 leak. The leak is titled "Archimedes".

Archimedes is a tool used by the CIA to attack a computer inside a Local Area Network, also known as a LAN.

The exploit allows CIA hackers to redirect a computer's browser to a server that will exploit their system while appearing as a normal browser session.

"Archimedes is an update to a tool called ‘Fulcrum’ and it offers several improvements on the previous system, including providing a method of “gracefully shutting down the tool on demand.”"

Why This Is Important

If you follow my blog and have read my other posts about Vault 7, I stated from the very beginning that the real takeaway from the leaks is the idea of retroactive attribution.

What is important is the fact that their methodology, tactics, tools and exploits have been exposed. 

This effectively neuters much of the power they have.

Not only are they limited in future operations but past operations could be in jeopardy.

This is the point I think is being missed and that I really want people to understand.

Past attacks and intrusions will be examined by forensic investigators with "Vault 7" as a template.

There will be retroactive attribution.

If you are interested in Vault 7, I really encourage you to read my previous post, "Vault 7: Digital Forensics".

Details


"“Archimedes”, a tool used by the CIA to attack a computer inside a Local Area Network (LAN), usually used in offices. It allows the re-directing of traffic from the target computer inside the LAN through a computer infected with this malware and controlled by the CIA. This technique is used by the CIA to redirect the target's computers web browser to an exploitation server while appearing as a normal browsing session."

Wikileaks


"The document illustrates a type of attack within a “protected environment” as the tool is deployed into an existing local network abusing existing machines to bring targeted computers under control and allowing further exploitation and abuse."

Wikileaks


An article from news organization RT went into further detail about the exploit.


"The tool's user guide, which is dated December 2012, explains that it’s used to re-direct traffic in a Local Area network (LAN) from a “target's computer through an attacker controlled computer before it is passed to the gateway.”"


"This allows it to insert a false web-server response that redirects the target's web browser to a server that will exploit their system all the while appearing as if it’s a normal browsing session."


"The target of the attack is directed to a webpage that looks exactly like the original page they were expecting to be served, but which contains malware. It’s only possible to detect the attack by examining the page source."


"Archimedes is an update to a tool called ‘Fulcrum’ and it offers several improvements on the previous system, including providing a method of “gracefully shutting down the tool on demand.”"


"An addendum from January 2014 shows that Archimedes was updated to support the ability to run on targets with multiple gateways, i.e. devices used to connect different networks."


RT
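The RT excerpt says the attack can only be detected by examining the page source. The following is an added example, not taken from the leaked documents or from this post, of how a defender could examine saved page source for content that sends the browser to a host other than the one that was requested. The page does not say what form the inserted content takes; the element types checked here, the host news.example and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Elements whose URL attribute makes the browser fetch from or navigate to a URL.
URL_ATTRS = {"iframe": "src", "frame": "src", "script": "src",
             "embed": "src", "object": "data", "form": "action"}

class OffOriginFinder(HTMLParser):
    """Collects elements in page source that pull the browser to another host."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []  # (tag, absolute_url, looks_hidden)

    def _check(self, tag, url, attrs):
        absolute = urljoin(self.page_url, url.strip())
        host = urlparse(absolute).hostname
        if host and host != self.page_host:
            style = (attrs.get("style") or "").replace(" ", "").lower()
            hidden = ("display:none" in style or "visibility:hidden" in style
                      or attrs.get("width") in ("0", "1")
                      or attrs.get("height") in ("0", "1"))
            self.findings.append((tag, absolute, hidden))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in URL_ATTRS and attrs.get(URL_ATTRS[tag]):
            self._check(tag, attrs[URL_ATTRS[tag]], attrs)
        # <meta http-equiv="refresh" content="0; url=..."> navigates the whole page
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            _, sep, target = (attrs.get("content") or "").partition("=")
            if sep:
                self._check("meta-refresh", target.strip("'\" "), attrs)

def off_origin_loads(page_url, html):
    """Return candidate findings; legitimate third-party hosts will appear too."""
    finder = OffOriginFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: a page as saved from the browser on the suspect LAN.
SAMPLE = """<html><head><title>Example News</title>
<script src="/static/app.js"></script></head>
<body><h1>Headlines</h1>
<iframe src="http://192.0.2.10/x" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for tag, url, hidden in off_origin_loads("http://news.example/index.html", SAMPLE):
        print(tag, url, "hidden" if hidden else "visible")
```

Findings are candidates only: comparing them with a copy of the same page fetched over a network path that does not cross the suspect LAN shows which ones the real server never sent.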


Sources

https://wikileaks.org/vault7/releases/

https://www.rt.com/viral/387216-wikileaks-cia-vault-7/

 https://steemit.com/wikileaks/@digicrypt/vault-7-digital-forensics 


 



