Wikileaks Vault7 CIA Tools Dump, Parts 14 and 15, OutlawCountry, BothanSpy, Gyrfalcon
By MDL on July 7, 2017
The malware tools known as OutlawCountry, BothanSpy, and Gyrfalcon are the focus of Wikileaks’ most recent file dumps in the ongoing Vault7 series of purportedly stolen and leaked CIA files.
OutlawCountry is a tool that targets Linux systems (CentOS and RedHat) and allows the attacker to create new firewall rules that take precedence over existing rules. BothanSpy and Gyrfalcon are used to steal SSH credentials from Windows and Linux machines, respectively.
The Vault7 leaked files, unlike the Shadow Brokers NSA tools leaks, consist mainly of documentation and not the tools or code used in exploits. The Vault7 files also often appear to be up to a few years old. The documentation for these most recently leaked tools is dated between 2013 and 2015.
SecurityWeek, ‘OutlawCountry’ Tool Used by CIA to Target Linux Systems
RedHat, I’m concerned about the OutlawCountry exploit
Fossbytes, BothanSpy & Gyrfalcon: CIA Malware To Steal SSH Credentials From Windows & Linux PCs
Bleeping Computer, CIA Malware Can Steal SSH Credentials, Session Traffic