Vault 8: Wikileaks Released Source Code of CIA Malware Hub, Project HIVE

After releasing tons of leaked documents, data and tools in the Vault 7 series, Wikileaks has now come up with a new series named Vault 8.

Today, as the first installment of the Vault 8 series, Wikileaks published a batch of documents containing source code and development logs for a CIA project called Project HIVE.

According to the Wikileaks documents:
Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention.
Hive allows its operators to control the malware it has installed on different devices.

This is not the first time Wikileaks has written about CIA Project Hive; the earlier Vault 7 series also described the project.
“This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said in its press release for Vault 8.
What is Project HIVE?
In the earlier series, Wikileaks described Project HIVE as an advanced command-and-control server (a malware control system) that communicates with implanted malware, sending it commands to execute specific tasks on targets and receiving the information exfiltrated from the target machines.

HIVE serves multiple operations at once, each using multiple implants on target computers.

Each operation anonymously registers at least one cover domain (e.g. "perfectly-boring-looking-domain.com") for its own use. The server running the domain website is rented from commercial hosting providers as a VPS (virtual private server) and its software is customized according to CIA specifications.

These servers are the public-facing side of the CIA back-end infrastructure and act as a relay for HTTP(S) traffic over a VPN connection to a "hidden" CIA server called 'Blot'.

Over the course of the Vault 8 series, Wikileaks says it will publish the source code of the tools that were discussed in Vault 7. This first release contains only software designed to run on servers controlled by the CIA; WikiLeaks assures that the organisation will not release any zero-day or similar security vulnerabilities that could be abused by others.