WikiLeaks Releases HIVE, CIA Virus Control System

15/04/2017, in Technology

On April 14th, 2017, WikiLeaks published six documents from the CIA’s HIVE Project, created by its “Embedded Development Branch” (EDB).

CIA V7 HIVE

CIA HIVE malware transfers information and operation to CIA computers

HIVE is a back-end infrastructure malware with a public-facing HTTPS interface which is used by CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute specific tasks on the targets. HIVE is used across multiple malware implants and CIA operations. The public HTTPS interface utilizes unsuspicious-looking cover domains to hide its presence.

Anti-virus companies and forensic experts have noticed, by analyzing the communication behavior of these specific implants, that some possible state-actor malware used this kind of back-end infrastructure, but they were unable to attribute the back-end (and therefore the implant itself) to operations run by the CIA. A recent blog post by Symantec, which was able to attribute the “Longhorn” activities to the CIA based on Vault 7, describes such back-end infrastructure:

For C&C servers, Longhorn typically configures a specific domain and IP address combination per target. The domains appear to be registered by the attackers; however they use privacy services to hide their real identity. The IP addresses are typically owned by legitimate companies offering virtual private server (VPS) or webhosting services. The malware communicates with C&C servers over HTTPS using a custom underlying cryptographic protocol to protect communications from identification.

The documents from this publication might further enable anti-malware researchers and forensic experts to analyze this kind of communication between malware implants and back-end servers used in previous illegal activities.

Edited by NHN

Leaked Documents

HIVE Project

Users Guide

Developers Guide

Remaining HIVE Documents
