WikiLeaks - Alert for Linux users

Today, June 29th 2017, WikiLeaks publishes documents from the OutlawCountry project of the CIA that targets computers running the Linux operating system.
OutlawCountry allows for the redirection of all outbound network traffic on the target computer to CIA-controlled machines for exfiltration and infiltration purposes. The malware consists of a kernel module that creates a hidden netfilter table on a Linux target; with knowledge of the table name, an operator can create rules that take precedence over existing netfilter/iptables rules and are concealed from a user or even the system administrator.
The installation and persistence method of the malware is not described in detail in the document; an operator will have to rely on the available CIA exploits and backdoors to inject the kernel module into a target operating system. OutlawCountry v1.0 contains one kernel module for 64-bit CentOS/RHEL 6.x; this module will only work with default kernels. Also, OutlawCountry v1.0 only supports adding covert DNAT rules to the PREROUTING chain.
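A covert DNAT rule can be hidden from the rule listing, but the rewritten destination still shows up in the kernel's connection tracking table, where every entry records the original and the reply tuple. The following detection check is an added example, not code from the documents or from WikiLeaks: it parses conntrack entries and flags flows whose destination was rewritten without any DNAT rule in the visible PREROUTING chain explaining it. The conntrack lines and the rule listing below are constructed sample data, and the check assumes the module does not also tamper with conntrack output.

```python
import re
from typing import Dict, List, Set

# Constructed sample in /proc/net/nf_conntrack format (addresses made up).
# Flow 2: the reply source differs from the original destination, so the
# destination was rewritten on the way out.
CONNTRACK_SAMPLE = """\
ipv4 2 tcp 6 431999 ESTABLISHED src=10.0.0.5 dst=93.184.216.34 sport=51234 dport=443 src=93.184.216.34 dst=10.0.0.5 sport=443 dport=51234 [ASSURED] mark=0 use=1
ipv4 2 tcp 6 299 ESTABLISHED src=10.0.0.5 dst=93.184.216.34 sport=51240 dport=80 src=198.51.100.7 dst=10.0.0.5 sport=80 dport=51240 [ASSURED] mark=0 use=1
ipv4 2 udp 17 29 src=10.0.0.5 dst=10.0.0.1 sport=40000 dport=53 src=10.0.0.2 dst=10.0.0.5 sport=53 dport=40000 mark=0 use=1
"""

# Constructed output of `iptables -t nat -S PREROUTING`: the rules an
# administrator can see. They explain the DNS redirect (flow 3) only.
VISIBLE_NAT_RULES = """\
-P PREROUTING ACCEPT
-A PREROUTING -d 10.0.0.1/32 -p udp --dport 53 -j DNAT --to-destination 10.0.0.2:53
"""

KV = re.compile(r"(\w+)=(\S+)")


def parse_conntrack(text: str) -> List[Dict[str, str]]:
    """Split each conntrack line into its original and reply address tuples."""
    flows = []
    for line in text.splitlines():
        addrs = [v for k, v in KV.findall(line) if k in ("src", "dst")]
        if len(addrs) < 4:           # skip malformed or truncated lines
            continue
        flows.append({"proto": line.split()[2],
                      "orig_src": addrs[0], "orig_dst": addrs[1],
                      "reply_src": addrs[2], "reply_dst": addrs[3]})
    return flows


def visible_dnat_targets(rules: str) -> Set[str]:
    """Destination hosts that the visible DNAT rules legitimately rewrite to."""
    return {m.group(1).split(":")[0]
            for m in re.finditer(r"--to-destination (\S+)", rules)}


def find_unexplained_dnat(conntrack: str, rules: str) -> List[Dict[str, str]]:
    """Flows whose destination was rewritten but no visible rule accounts for it."""
    visible = visible_dnat_targets(rules)
    return [f for f in parse_conntrack(conntrack)
            if f["orig_dst"] != f["reply_src"] and f["reply_src"] not in visible]


if __name__ == "__main__":
    for f in find_unexplained_dnat(CONNTRACK_SAMPLE, VISIBLE_NAT_RULES):
        print(f"suspect {f['proto']} flow: {f['orig_dst']} silently rewritten to {f['reply_src']}")
```

On a live host, feed it the real `/proc/net/nf_conntrack` (or `conntrack -L`) and `iptables -t nat -S PREROUTING` output; a hit means the kernel is rewriting destinations that no visible rule explains.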