
Brutal Kangaroo

WikiLeaks

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air-gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as the "primary host") and installs the Brutal Kangaroo malware on it. When a user inserts a USB stick into the primary host, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. Merely browsing the USB drive with Windows Explorer on such a protected computer infects it with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files (.lnk) that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese, which was a 0-day exploit until March 2015; newer versions appear to use a similar but as yet unknown link-file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.
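The two passages above describe the chain (infected thumbdrive, link file browsed in Explorer, DLL loaded) without giving the file-level details of EZCheese, Lachesis or RiverJack. What a defender can still do is triage every .lnk on a thumbdrive before it touches a closed-network host. The following is an added example, not code from the Brutal Kangaroo documents or from WikiLeaks: it parses the public Shell Link (MS-SHLLINK) layout (header, LinkInfo local base path, StringData) and flags links whose target, arguments or icon location reference a loadable library, launch a DLL host, or resolve only relative to whatever volume the drive is mounted as. Those indicators are assumptions about generic USB-borne LNK abuse, not a signature for the exploits the page names, and the sample link files are constructed inline by build_lnk, a test-data helper that is also part of this example.

```python
"""Triage .lnk files on a mounted thumbdrive for USB-borne link-file abuse.

Added example (not Brutal Kangaroo or WikiLeaks code). The indicator rules are
assumptions about generic LNK abuse, not signatures for EZCheese/Lachesis/RiverJack.
"""
import os
import re
import struct

# MS-SHLLINK: header is 76 bytes, LinkCLSID 00021401-0000-0000-C000-000000000046 (little-endian layout)
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRINGDATA_ORDER = (("name", HAS_NAME), ("relative_path", HAS_RELPATH),
                    ("working_dir", HAS_WORKDIR), ("arguments", HAS_ARGS), ("icon", HAS_ICON))

LIB_EXT = re.compile(r"\.(dll|cpl|ocx)\b", re.I)                        # loadable libraries
DLL_HOSTS = re.compile(r"\b(rundll32|regsvr32|control)(\.exe)?\b", re.I)  # binaries that load a DLL for you


def _cstr(blob: bytes, off: int) -> str:
    """NUL-terminated ANSI string inside LinkInfo."""
    return blob[off:blob.index(b"\x00", off)].decode("latin-1")


def parse_lnk(blob: bytes) -> dict:
    """Return flags, resolved local path and StringData; ValueError if not a Shell Link."""
    if len(blob) < 76 or struct.unpack_from("<I", blob)[0] != 0x4C or blob[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", blob, 20)[0]
    pos = 76
    if flags & HAS_IDLIST:                       # skip the shell item ID list (size prefix + items)
        pos += 2 + struct.unpack_from("<H", blob, pos)[0]
    info = {"flags": flags, "local_path": "", "strings": {}}
    if flags & HAS_LINKINFO:
        size, _hdr, lflags, _vol, lbp_off, _cnr, suffix_off = struct.unpack_from("<7I", blob, pos)
        if lflags & 0x1:                         # VolumeIDAndLocalBasePath present
            info["local_path"] = _cstr(blob, pos + lbp_off) + _cstr(blob, pos + suffix_off)
        pos += size
    for key, bit in STRINGDATA_ORDER:            # each string: 2-byte char count, no terminator
        if flags & bit:
            n = struct.unpack_from("<H", blob, pos)[0]
            pos += 2
            width = 2 if flags & IS_UNICODE else 1
            raw = blob[pos:pos + n * width]
            info["strings"][key] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += n * width
    return info


def triage(info: dict) -> list:
    """Indicator rules (assumed, generic): a benign document shortcut trips none of them."""
    s = info["strings"]
    target = info["local_path"] or s.get("relative_path", "")
    args, icon = s.get("arguments", ""), s.get("icon", "")
    hits = []
    if any(LIB_EXT.search(x) for x in (target, args, icon)):
        hits.append("references a loadable library (.dll/.cpl/.ocx)")
    if DLL_HOSTS.search(target) or DLL_HOSTS.search(args):
        hits.append("launches a DLL host (rundll32/regsvr32/control)")
    if s.get("relative_path") and not info["local_path"]:
        hits.append("relative-only target: resolves on whatever volume the drive is mounted as")
    return hits


def scan_volume(root: str) -> dict:
    """Walk a mounted thumbdrive (or an image extracted to a folder); path -> indicator list."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".lnk"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                blob = fh.read()
            try:
                hits = triage(parse_lnk(blob))
            except ValueError as exc:
                hits = ["unparseable: %s" % exc]
            if hits:
                findings[path] = hits
    return findings


def build_lnk(local_path="", relative_path=None, arguments=None, icon=None) -> bytes:
    """Constructed test data only: minimal LNK with LinkInfo (removable-drive VolumeID) and StringData."""
    flags, body = IS_UNICODE, b""
    if local_path:
        flags |= HAS_LINKINFO
        lbp = local_path.encode("latin-1") + b"\x00"
        vol = struct.pack("<4I", 0x11, 2, 0xDEADBEEF, 0x10) + b"\x00"   # DRIVE_REMOVABLE, empty label
        size = 28 + len(vol) + len(lbp) + 1
        body += struct.pack("<7I", size, 28, 1, 28, 28 + len(vol), 0,
                            28 + len(vol) + len(lbp)) + vol + lbp + b"\x00"
    for value, bit in ((relative_path, HAS_RELPATH), (arguments, HAS_ARGS), (icon, HAS_ICON)):
        if value is not None:
            flags |= bit
            body += struct.pack("<H", len(value)) + value.encode("utf-16-le")
    return struct.pack("<I", 0x4C) + LNK_CLSID + struct.pack("<I", flags) + bytes(52) + body


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as drive:      # stands in for a mounted thumbdrive
        samples = {  # constructed samples, not real Brutal Kangaroo artefacts
            "Report.lnk": build_lnk(local_path=r"C:\Windows\System32\notepad.exe"),
            "Photos.lnk": build_lnk(relative_path=r".\System\thumb.dll", icon=r".\System\thumb.dll"),
            "Budget.lnk": build_lnk(local_path=r"C:\Windows\System32\rundll32.exe",
                                    arguments=r"E:\.cache\loader.dll,Start"),
        }
        for name, blob in samples.items():
            with open(os.path.join(drive, name), "wb") as fh:
                fh.write(blob)
        for path, hits in sorted(scan_volume(drive).items()):
            print(os.path.basename(path), "->", "; ".join(hits))
```

Run it against the mount point of a quarantined thumbdrive (or a folder holding an extracted image) and review every flagged link before the drive goes anywhere near the closed network; the parser ignores the ExtraData blocks at the end of the file, so a link that hides its real target there will only be caught if the StringData or LinkInfo also looks wrong.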

