WikiLeaks has published a new batch of the ongoing
Vault 7 leak, detailing a spyware framework – which "provides remote beacon and loader capabilities on target computers" – allegedly being used by the CIA that works against every version of Microsoft's Windows operating systems, from Windows XP to Windows 10.
Dubbed
Athena/Hera, the spyware has been designed to take full control over the infected Windows PCs remotely, allowing the agency to perform all sorts of things on the target machine, including deleting data or uploading malicious software, and stealing data and send them to CIA server.
The leak, which includes a
user manual of Athena,
overview of the technology, and
demonstration on how to use this spyware, reveals that the program has two implications:
- Primary: Athena for XP to Windows 10
- Secondary: Hera for Windows 8 through Windows 10
According to the whistleblower organization, Athena has the ability to allow the CIA agents to modify its configuration in real time, while the implant is on target
"to customize it to an operation."
"Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system," WikiLeaks claims.
The leaked documents suggest that Athena, written in Python programming language, was developed in August 2015, just a month after Microsoft released its Windows 10 operating system.
Interestingly, one document also suggests that the CIA agents have been advised to make sure that the spyware should not get caught by antivirus software programs, especially Kaspersky AV software.