How the CIA gained access to air-gapped computers 

A new WikiLeaks release of documents believed to have been stolen from the CIA shows the intelligence agency’s capability to infect air-gapped computers and networks via booby-trapped USB sticks.

The Brutal Kangaroo project

The agency would start by infecting an Internet-connected computer inside the target organization with malware, which would in turn infect any inserted USB sticks with another piece of malware. If such a USB stick is ultimately inserted into the air-gapped computer, that computer is infected with exfiltration/survey malware.

“The Brutal Kangaroo project consists of the following components: Drifting Deadline is the thumbdrive infection tool, Shattered Assurance is a server tool that handles automated infection of thumbdrives (as the primary mode of propagation for the Brutal Kangaroo suite), Broken Promise is the Brutal Kangaroo postprocessor (to evaluate collected information) and Shadow is the primary persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network,” WikiLeaks summarized.

Source: How the CIA gained access to air-gapped computers – Help Net Security
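The infection chain above hinges on a USB stick picking up files while it sits in an Internet-connected host and carrying them across the air gap. One defensive control for that hand-off is a baseline-and-compare check: record a hash manifest of the stick on a trusted host before it leaves, and diff it again before it touches the isolated network, so anything that appeared or changed in between is visible. The script below is an added example written for this page, not code from the article or from the leaked tooling; the suspicious-extension list, the manifest format and the sample files are all constructed for illustration.

```python
"""Baseline-and-compare check for removable media (added example)."""
import hashlib
import json
import tempfile
from pathlib import Path

# File types that should not appear on a data-transfer stick unless the
# operator put them there. Illustrative list chosen for this example.
SUSPICIOUS_SUFFIXES = {".exe", ".dll", ".scr", ".lnk", ".vbs", ".js",
                       ".ps1", ".bat", ".cmd"}


def build_manifest(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[path.relative_to(root).as_posix()] = digest.hexdigest()
    return manifest


def save_manifest(manifest, dest):
    """Persist the manifest as JSON on the trusted host, never on the stick."""
    Path(dest).write_text(json.dumps(manifest, indent=2, sort_keys=True))


def load_manifest(src):
    return json.loads(Path(src).read_text())


def compare(baseline, current):
    """Diff two manifests; flag added/modified entries with risky extensions."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    flagged = sorted(p for p in added + modified
                     if Path(p).suffix.lower() in SUSPICIOUS_SUFFIXES)
    return {"added": added, "removed": removed,
            "modified": modified, "flagged": flagged}


def demo():
    """Run the check against a constructed stand-in for a USB volume."""
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        # Constructed sample contents of the stick before it leaves.
        (drive / "report.docx").write_bytes(b"constructed sample document")
        (drive / "data").mkdir()
        (drive / "data" / "readings.csv").write_text("t,v\n1,2\n")
        baseline = build_manifest(drive)
        save_manifest(baseline, drive.parent / "baseline.json")

        # Simulate changes made while the stick sat in an untrusted host.
        (drive / "report.docx").write_bytes(b"constructed document, altered")
        (drive / "update.exe").write_bytes(b"MZ constructed stand-in, not code")

        result = compare(load_manifest(drive.parent / "baseline.json"),
                         build_manifest(drive))
    return result


if __name__ == "__main__":
    for key, items in demo().items():
        print(f"{key}: {items}")
```

The manifest must live on the trusted host rather than on the stick itself, since anything stored on the stick is under the control of whatever host it was last plugged into. A clean diff does not prove the stick is safe (firmware-level tampering is outside what file hashes can see), but unexpected additions or modifications are a cheap, high-signal reason to quarantine the device before it reaches the isolated network.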
