WikiLeaks: CIA’s Brutal Kangaroo toolset lets malware hop onto closed networks

WikiLeaks on Thursday dumped more leaked CIA documents with its latest Vault 7 disclosures, this time publishing materials from a tool suite called Brutal Kangaroo that allows attackers to indirectly infiltrate a closed network or air-gapped computer using a compromised flash drive.

The documents, dated between August 2012 and February 2016, reveal how CIA hackers would use the toolset to create a "custom covert network" within infected networks in order to conduct surveillance and launch executables.

A Brutal Kangaroo infection requires several steps: First, attackers have to infect an Internet-connected computer operated by the target organization. When a user at that organization inserts a thumb drive into the infected machine, the USB stick becomes infected as well. Finally, this compromised flash drive infects the ultimate target when it is used on a closed network or air-gapped machine.

According to WikiLeaks, infected thumb drives use one of two Microsoft Windows vulnerabilities to execute malware: Older versions of Brutal Kangaroo leverage an exploit called EzCheese, while newer iterations use a "similar, but yet known vulnerability." The tool suite's components include Drifting Deadline, a thumb drive infection tool; Shattered Assurance, a server tool responsible for automated infection of USB drives; Broken Promise, a post processor that evaluates collected information; and Shadow, the main persistence mechanism.

Bradley Barth
