
Brutal Kangaroo

WikiLeaks

Today, June 22nd 2017, WikiLeaks publishes documents from the Brutal Kangaroo project of the CIA. Brutal Kangaroo is a tool suite for Microsoft Windows that targets closed networks by air gap jumping using thumbdrives. Brutal Kangaroo components create a custom covert network within the target closed network and provide functionality for executing surveys, directory listings, and arbitrary executables.

The documents describe how a CIA operation can infiltrate a closed network (or a single air-gapped computer) within an organization or enterprise without direct access. It first infects an Internet-connected computer within the organization (referred to as the "primary host") and installs the BrutalKangaroo malware on it. When a user of the primary host inserts a USB stick into it, the thumbdrive itself is infected with a separate malware. If this thumbdrive is used to copy data between the closed network and the LAN/WAN, the user will sooner or later plug the USB disk into a computer on the closed network. When the USB drive is browsed with Windows Explorer on such a protected computer, that computer is also infected with exfiltration/survey malware. If multiple computers on the closed network are under CIA control, they form a covert network to coordinate tasks and data exchange. Although not explicitly stated in the documents, this method of compromising closed networks is very similar to how Stuxnet worked.

The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool; Shattered Assurance is a server tool that handles automated infection of thumbdrives (the primary mode of propagation for the Brutal Kangaroo suite); Broken Promise is the Brutal Kangaroo postprocessor (used to evaluate collected information); and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasking and payloads can be sent back and forth).

The primary execution vector used by infected thumbdrives is a vulnerability in the Microsoft Windows operating system that can be exploited by hand-crafted link files that load and execute programs (DLLs) without user interaction. Older versions of the tool suite used a mechanism called EZCheese that was a 0-day exploit until March 2015; newer versions seem to use a similar but as yet unknown link file vulnerability (Lachesis/RiverJack) related to the library-ms functionality of the operating system.
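Because the execution vector is a link file on the thumbdrive rather than an executable the user runs, a defender triaging removable media can look at what the .lnk files on it actually reference. The following is an added example (not part of the WikiLeaks release or the Brutal Kangaroo documents): it parses the StringData fields of a Shell Link file per the public MS-SHLLINK layout and applies a coarse rule that flags links whose stored path strings name a DLL outside the Windows directory. The `build_lnk` fixture, the field names and the `SYSTEM_PREFIXES` list are this example's own constructions, and the rule is a triage heuristic, not a signature for the vulnerability described above.

```python
import struct

# LinkFlags bits of the ShellLinkHeader (MS-SHLLINK), lowest bit first.
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH, HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = (1 << i for i in range(8))
# StringData fields follow in this fixed order, each present only if its flag is set.
STRING_FIELDS = [(HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"), (HAS_WORK_DIR, "working_dir"),
                 (HAS_ARGS, "arguments"), (HAS_ICON, "icon_location")]
SYSTEM_PREFIXES = ("%systemroot%", "%windir%", "c:\\windows")  # assumed set of "normal" DLL locations


def parse_lnk_strings(data: bytes) -> dict:
    """Return the StringData fields of a Shell Link (.lnk) file as a dict."""
    if len(data) < 0x4C or struct.unpack_from("<I", data, 0)[0] != 0x4C:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 0x14)[0]
    pos = 0x4C
    if flags & HAS_ID_LIST:  # IDListSize (2 bytes) followed by the IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize includes the size field itself
        pos += struct.unpack_from("<I", data, pos)[0]
    fields = {}
    for bit, name in STRING_FIELDS:
        if flags & bit:
            count = struct.unpack_from("<H", data, pos)[0]
            width = 2 if flags & IS_UNICODE else 1  # UTF-16LE or single-byte ANSI
            raw = data[pos + 2:pos + 2 + count * width]
            fields[name] = raw.decode("utf-16-le" if width == 2 else "latin-1")
            pos += 2 + count * width
    return fields


def suspicious_fields(fields: dict) -> list:
    """Coarse triage rule: a link string naming a DLL outside the Windows directory
    (so it resolves against the removable drive itself) is not a normal user shortcut."""
    return [name for name, value in fields.items()
            if ".dll" in value.lower() and not value.lower().startswith(SYSTEM_PREFIXES)]


def build_lnk(relative_path: str, icon_location: str) -> bytes:
    """Constructed test fixture: minimal Unicode .lnk carrying only RELATIVE_PATH and ICON_LOCATION."""
    clsid = bytes.fromhex("0114020000000000c000000000000046")  # ShellLink CLSID, little-endian
    header = struct.pack("<I", 0x4C) + clsid + struct.pack("<I", HAS_REL_PATH | HAS_ICON | IS_UNICODE)
    header += b"\x00" * (0x4C - len(header))  # remaining header fields zeroed
    body = b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le") for s in (relative_path, icon_location))
    return header + body
```

On a mounted drive, feed every `*.lnk` found by `pathlib.Path(root).rglob("*.lnk")` through `parse_lnk_strings` and `suspicious_fields`; anything flagged deserves a look before the drive is browsed on a protected host.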

Links, documents:
