Brutal Kangaroo

WikiLeaks

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. When the USB drive is browsed with Windows Explorer on such a protected computer, that computer also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem to use a similar, but as yet unknown, link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.
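
As a defensive illustration of the paragraph above (an added example, not part of the WikiLeaks text or the leaked documents): a Python script for a media-inspection station that inventories every Windows shell link and `.library-ms` file on a mounted thumbdrive by content rather than by extension, so they can be reviewed before the drive enters the closed network. The policy of flagging all such files, the function names and the sample files are assumptions made here; the header constants follow Microsoft's published Shell Link (MS-SHLLINK) format.

```python
import os
import struct
import tempfile

# ShellLinkHeader (MS-SHLLINK): HeaderSize 0x4C, then the LinkCLSID
# 00021401-0000-0000-C000-000000000046 in its on-disk byte order.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
LINK_FLAGS = {0x01: "HasLinkTargetIDList", 0x20: "HasArguments", 0x40: "HasIconLocation"}
LIB_ROOT = "<librarydescription"  # root element of a .library-ms file, lowercased

def classify(path):
    """Classify by content, not extension; return (kind, detail) or None."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if len(head) >= 0x4C and head[:20] == LNK_MAGIC:
        (flags,) = struct.unpack_from("<I", head, 20)  # LinkFlags field
        names = [n for bit, n in LINK_FLAGS.items() if flags & bit]
        return ("shell-link", ",".join(names) or "no-flags")
    low = head.lower()
    if (path.lower().endswith(".library-ms") or LIB_ROOT.encode() in low
            or LIB_ROOT.encode("utf-16-le") in low):
        return ("library-ms", "library description file")
    return None

def scan_media(root):
    """Walk a mounted drive and list every shell link / library file on it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                hit = classify(full)
            except OSError as exc:  # unreadable files are reported, not skipped
                hit = ("unreadable", str(exc))
            if hit:
                findings.append((os.path.relpath(full, root),) + hit)
    return sorted(findings)

def demo():
    """Scan a constructed sample layout (not real samples)."""
    with tempfile.TemporaryDirectory() as root:
        header = LNK_MAGIC + struct.pack("<I", 0x41) + bytes(0x4C - 24)
        samples = {"notes.txt": b"quarterly figures\n",
                   "photos.dat": header,  # link header under a non-.lnk name
                   "docs.library-ms": b"<?xml version='1.0'?><libraryDescription/>"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_media(root)
```

Calling `scan_media()` on the mount point of a real drive returns the same `(relative path, kind, detail)` tuples; an empty list means no shell link or library file was found.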
