
Brutal Kangaroo

WikiLeaks

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as the "primary host") and installs the BrutalKangaroo malware on it. When a user is using the primary host and inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. By browsing the USB drive with Windows Explorer on such a protected computer, it also gets infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back-and-forth).

The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem to use a similar, but as yet unknown, link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.
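The two passages above describe the infection chain (a thumbdrive seeded on the primary host, then browsed on a closed-network machine) and the execution vector (hand-crafted link files that load a DLL, plus a newer variant tied to library-ms handling). The script below is an added, defender-side example and is not code from the WikiLeaks release or from the Brutal Kangaroo documents: it triages the contents of a mounted removable drive for the artefact classes the write-up names, flagging .library-ms files, shortcut (.lnk) files whose embedded strings name a DLL, and any DLL on the drive that such a shortcut refers to. The shell-link header check follows the public MS-SHLLINK layout; the string-scan heuristic, the finding labels and the constructed sample drive (file names, the minimal header-plus-string stand-ins for shortcuts) are assumptions of this example, not indicators taken from the documents.

```python
"""Added example (not from the WikiLeaks release or the Brutal Kangaroo
documents): triage a removable drive for the artefact classes the write-up
names as the execution vector.  Heuristics, labels and the sample drive
layout are this example's own assumptions."""
import os
import re
import struct
import tempfile

# Every Windows shell link starts with HeaderSize (0x4C) followed by the
# ShellLink CLSID 00021401-0000-0000-C000-000000000046, serialised little-endian.
LNK_HEADER_SIZE = 0x4C
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")

ASCII_RUN = re.compile(rb"[\x20-\x7e]{4,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")


def looks_like_lnk(data: bytes) -> bool:
    """True if the blob carries a valid shell-link header (size magic + CLSID)."""
    if len(data) < LNK_HEADER_SIZE:
        return False
    return struct.unpack("<I", data[:4])[0] == LNK_HEADER_SIZE and data[4:20] == LNK_CLSID


def extract_strings(data: bytes) -> list:
    """Printable ASCII and UTF-16LE runs; enough to surface embedded paths
    without implementing the full LinkTargetIDList/LinkInfo parser."""
    found = [m.group().decode("ascii") for m in ASCII_RUN.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in UTF16_RUN.finditer(data)]
    return found


def dll_references(data: bytes) -> list:
    """Strings inside the link that name a .dll; ordinary document shortcuts
    on a data-transfer stick normally reference none."""
    return [s for s in extract_strings(data) if ".dll" in s.lower()]


def scan_removable_root(root: str) -> list:
    """Walk a mounted drive and return sorted (relative_path, reason) findings."""
    findings = []
    referenced = set()
    all_files = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            lower = name.lower()
            all_files.append((rel, lower))
            if lower.endswith(".library-ms"):
                # Library definition files have no ordinary role on removable media.
                findings.append((rel, "library-ms file on removable drive"))
            elif lower.endswith(".lnk"):
                with open(full, "rb") as fh:
                    data = fh.read()
                if not looks_like_lnk(data):
                    findings.append((rel, "shortcut extension but malformed LNK header"))
                    continue
                for ref in dll_references(data):
                    findings.append((rel, f"shortcut references DLL: {ref}"))
                    referenced.add(os.path.basename(ref.replace("\\", "/")).lower())
    # A DLL whose name a shortcut on the same drive mentions is the likely load target.
    for rel, lower in all_files:
        if lower.endswith(".dll") and lower in referenced:
            findings.append((rel, "DLL named by a shortcut is present on drive"))
    return sorted(findings)


def _fake_lnk(embedded: str) -> bytes:
    """Constructed stand-in: a genuine ShellLink header followed by one
    UTF-16LE string.  It is not a real or weaponised shortcut."""
    header = struct.pack("<I", LNK_HEADER_SIZE) + LNK_CLSID
    header += b"\x00" * (LNK_HEADER_SIZE - len(header))
    return header + embedded.encode("utf-16-le")


def build_sample_drive(root: str) -> None:
    """Constructed sample layout; every file name here is invented for the example."""
    os.makedirs(os.path.join(root, "sys"), exist_ok=True)
    with open(os.path.join(root, "readme.lnk"), "wb") as fh:
        fh.write(_fake_lnk("readme.txt"))            # benign shortcut
    with open(os.path.join(root, "report.lnk"), "wb") as fh:
        fh.write(_fake_lnk("..\\sys\\helper.dll"))   # shortcut naming a DLL
    with open(os.path.join(root, "sys", "helper.dll"), "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 14)                # placeholder bytes, not a real PE
    with open(os.path.join(root, "docs.library-ms"), "w", encoding="utf-8") as fh:
        fh.write('<?xml version="1.0"?><libraryDescription/>')
    with open(os.path.join(root, "notes.txt"), "w", encoding="utf-8") as fh:
        fh.write("quarterly notes\n")


def demo() -> list:
    """Build the constructed drive in a temp dir and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_drive(root)
        return scan_removable_root(root)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

Run against a real mount point by calling scan_removable_root("E:\\") (or the equivalent path) instead of demo(). The string scan deliberately stays shallow: it does not parse the link's ID list, so a shortcut that reaches its DLL only through a relative ID-list entry would not surface; treat a hit as a reason to pull the file for full parsing, and treat any .library-ms on a transfer stick as worth a look regardless.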
