You can now find Cyber Kendra on Google News | Telegram

WikiLeaks Release CIA Two Projects Documents Targeting Network Protocol

In the Vault 7 series of CIA leaks, WikiLeaks have published another documents. Within this release, WikiLeaks have published about the two projects of CIA, named BothanSpy and Gryfalcon.

These both project was designed to intercept and exfiltrate SSH credentials which work on different operating systems with different attack vectors.

About BothanSpy
BothanSpy is an implant that targets the SSH client program Xshell on the Microsoft Windows platform and steals user credentials for all active SSH sessions. These credentials are either username and password in case of password-authenticated SSH sessions or username, filename of private SSH key and key password if public key authentication is used. 
BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an enrypted file for later exfiltration by other means. BothanSpy is installed as a Shellterm 3.x extension on the target machine.

About Grrfalcon
Gyrfalcon is an implant that targets the OpenSSH client on Linux platforms (centos,debian,rhel,suse,ubuntu). The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic. All collected information is stored in an encrypted file for later exfiltration. It is installed and configured by using a CIA-developed root kit (JQC/KitV) on the target machine.

You can get detailed information about BothanSpy and Gyrfalcon from these link -
BothanSpy, Gyrfalcon User guide - 1 & 2.

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
Oops!
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.