WikiLeaks reveals CIA's Imperial hacking project targeting Mac and Linux
WikiLeaks has published the latest of its Vault 7 CIA leaks, this time covering a project named Imperial. The project is made up of three tools: Achilles and SeaPea, which target OS X, and Aeris, which targets various flavors of Linux, including Red Hat, Debian and CentOS.
User guides relating to the two Mac tools date from mid-2011 and show they can be used to Trojanize an OS X disk image or install a persistent rootkit. Aeris was designed to provide a backdoor into Linux-based systems.
This time around, the documentation is far shorter and sparser than in previous leaks. In the case of Achilles, the CIA worked out how to infect a software disk image to install a Trojan on a target computer and then automatically remove signs of the malware from the image to prevent detection. SeaPea is a rootkit disguised as an iTunes component, and it can survive system reboots. Finally, Aeris targets Linux systems and is used to secretly extract data from computers.
WikiLeaks offers the following description for the latest documents:
Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.
Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support -- all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.
SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7.
You can find out more over on the WikiLeaks page for the Imperial project.