Skip to main content

Brutal Kangaroo: How CIA Hacked Offline Computers Using Infected USB Drives

cia kangaroo
Brutal Kangaroo malware is the latest addition to the ongoing WikiLeaks Vault 7 leaks. Published earlier this week, the leaked documents show how the CIA hacked offline and air-gapped computers using USB drives. Brutal Kangaroo is basically a combination of 4
tools which work together. The malware used Windows operating system vulnerabilities to targeted air-gapped computers.
Earlier this month, we told you about the latest leak in the WikiLeaks Vault 7 series. The leaked CherryBlossom firmware was made for taking control of the traffic by finding its way into network routers. Now, WikiLeaks has published the new set of secret documents of which further shed light on CIA’s hacking operations.
The latest documents are 150 pages in length, and they describe a CIA malware toolkit named Brutal Kangaroo for taking control of air-gapped computers by using specialized USB drives. According to WikiLeaks, the components of Brutal Kangaroo create a covert network within the target network, which makes the job easier.
It should be noted that Brutal Kangaroo contains 4 chief components — Drifting Deadline (thumb drive infection tool), Shattered Assurance (server tools for handling thumb drive infection), Broken Promise (postprocessor to take care of the collected information), Shadow (primary persistence mechanism).

brutal kangaroo malware cia 1
Image: WikiLeaks

Brutal Kangaroo is able to infect USB thumb drives using a Windows operating system flaw which can be exploited by hand-crafted link files. In the next step, when an infected drive is inserted in the target computer using Windows 7 and .Net 4.5, Drifting Deadline component deploys the malware.
After infection, Shadow scans the other computers connected to the network and infects them. Lastly, Broken Promise scans the data from the air-gapped devices and exfiltrate it.

brutal kangaroo malware cia 1
Image: WikiLeaks

Brutal Kangaroo malware also supports multiple infections in the same network by using Shadow component. If we combine all the components of Brutal Kangaroo together, it becomes a very useful tool to hack the air-gapped machines.
You can read Brutal Kangaroo’s user manual leaked by WikiLeaks here and get more information about the attack. Find our complete WikiLeaks Vault 7 coverage here.



Fappening 2.0 Continues: Modern Family Actress Sarah Hyland Has Become The Latest Victim Of Notorious Hackers [Private Photos, Video Leaked]

Modern Family actress Sarah Hyland has become the latest victim of notorious hackers. Her private pictures and video have been posted online on infamous website Celeb Jihad. According to media sources, Sarah’s lawyers are planning to take legal action against the websites who choose to publish the leaked material. Meanwhile, the actual powers behind the leak are unknown.

Samsung Overtakes Fitbit In Wearable Sales For First Time

Fitbit has been a top competitor on the global wearable market for a long time, but the South Korea giant Samsung managed to steal the silver crown of the wearable market from Fitbit. According to Strategy Analytics, Samsung gained the

Supermassive Black Holes Found Orbiting Each Other For The First Time

Image Credit: UCR Researchers from Stanford University have identified super-massive binary black holes at the center of Galaxy 0402+379 about 750 billion light years away. The two of the black holes are just 24 light years apart and one of them is orbiting the other. This is the first

Owners Of The Samsung Gear S3 In The United Kingdom Have Finally Received A Software Update That Enables Support For Samsung Pay

Owners of the Samsung Gear S3 in the United Kingdom have finally received a software update that enables support for Samsung Pay. Starting today, users will be able to use the Gear S3 smartwatch to make payments on all contactless