Vault 7: A Simple Breakdown

Vault 7 is a collection of documents Wikileaks began releasing on March 7th 2017. It exposes details into the CIA's electronic surveillance and cyber warfare programs.

[This is a very basic breakdown of the Vault7 releases to date. If you are looking for a very simple overview with little jargon, this is a great place to start.]

Dark Matter March 23rd 2017 

Dark Matter reveals the CIA's ability to infect the firmware of Apple Mac IOS that persists even if the operating system is re-installed. It also reveals this is a "persistent" attack, allowing the user to dig in and extract information for a long period of time. This release included Sonic Screwdriver. Sonic Screwdriver allows the attacker to install the infected software into a Mac laptop or desktop by connecting a peripheral device such as a thumb drive. 

Marble Framework March 31st 2017

Marble Framework is used to hide the tracks of an attacker by hiding from current forensic and virus detection methods. This also opens up the possibilities to frame rivals for more sinister reasons.

Grasshopper April 7th 2017

Grasshopper Framework allows the user to make malware for Windows Operating Systems. Modification Modules allow the ability to mix and match different features for a customized virus. 

Hive April 14th 2017

Hive is yet another way for the CIA to gain access to a computer server and hide their tracks. It does this by appearing like a nonthreatening website.

Weeping Angel April 21st 2017

Tool designed to work with Samsung F Series Smart Televisions. Allows the user to extract information and store it.

Scribbles April 28th 2017

Scribbles is designed to work with Microsoft Office. It embeds a watermark into a document and sends a notification to a user notifying them of the documents access. This would be put into sensitive documents to help identify any whistleblowers who copy them.

Archimedes May 5th 2017

Archimedes is a tool that works within Local Area Networks (LANs). These are networks that are usually found in a smaller area. You often see LAN networks in office buildings where many computers need to access work resources. Archimedes redirects the computers browser to an exploitation server that appears to be legitimate, but gives control to the attacker.

AfterMidnight May 12th 2017

This release published documents for AfterMidnight and Assassin. Both are frameworks designed to work on Windows Operating Systems allowing to using to deliver malware to a target computer. This can be a persistent attack, allowing the user to "dig in" issuing commands and extracting information.

Athena May 19th 2017

Athena is yet another tool designed for Windows Operating Systems. It takes over the target computer giving the attacker the ability to take over the computer. They can delete information, steal information, or upload malware that can be designed to provide a variety of tasks. Similar to Scribbles, Athena embeds beacons.

Pandemic June 1st 2017

Like Archimedes, Pandemic is designed for LAN's. When implanted on a Windows machine, it will "act like a Patient Zero in the spread of a disease". When another machine within the LAN requests a file, it will copy an infected version of that file. To avoid being detected, the original file on the "Patient Zero" machine remains unchanged.

Cherry Blossom June 15th 2017

Cherry Blossom reveals the CIAs ability to target WiFi  devices by exploiting network devices such as routers. It allows the attacker to infect a device never needing physical access to it.

Brutal Kangaroo June 22nd 2017

Brutal Kangaroo was designed to target closed networks. When a computer infected with Brutal Kangaroo has a thumb stick plugged in, files copied to drive are infected with a separate infection. The attacker is now able to retrieve the infected files the next time the thumb stick connects to a network.

Elsa June 28th 2017

Once Elsa is introduced to a machine, the malware will scan for WiFi networks to communicate the geo location of device. Once this is done, an operator is able to remotely gain access to the computer and its contents. The machine does not need to be connected to the WiFi for this to work, the network only needs to be detected.

OutlawCountry June 29th 2017

OutlawCountry is malware designed to target Linux Systems and infects the machines firmware like Dark Matter. It works by redirecting files being sent by user to the attacker instead. 

I hope this helps in understanding the Vault7 releases to date. I will cover future Vault7 drops if there seems to be an audience. Any questions or feedback is encouraged. If you enjoyed this article, Please Upvote.