Another secret CIA project for compromising Windows systems has just been revealed by WikiLeaks. The new project was targeting the operating system boot sector to allow deploying more payloads.
The hacking tools of the project codenamed Angelfire targeted Windows 7 and Windows XP systems and consisted of five different components which worked together to infect computers.
The first component is called Solartime. It is a malware component whose main purpose is modifying the boot sector to load the second module, called Wolfcreek. Wolfcreek is a set of drivers which enable dropping additional payloads such as applications and other drivers.
The third component is named Keystone and it was specifically deployed by the CIA because it let agents install additional malware on the infected systems.
The fourth component is called BadMFS, a covert file system which stores all the other components in encrypted and obfuscated form.
The last component is named Windows Transitory File System. According to WikiLeaks, it was created as an alternative to BadMFS and its purpose was to use temporary files instead of relying on a file system which stores information locally.
WikiLeaks experts say that despite the complex components which Angelfire featured, the hacking tools could be discovered quite easily, due to a number of issues which were acknowledged in the leaked manuals by the CIA themselves.
For instance, the Keystone component disguised itself as a copy of svchost.exe and it was always located in C:\Windows\system32. Thus, in case the operating system was installed on a different partition or location, the process could have triggered further analysis.
Also, the BadMFS file system created the so-called “zf” file, which users might have noticed while working on their computers.
Last but not least, the CIA warned that a crash of any of the above-mentioned components would have triggered visible notifications.
There are no dates on the files; however, considering that Angelfire targeted Windows 7 and Windows XP systems, there is a possibility that the project was developed before the release of Windows 8.
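As an added example, not code from the article or the leaked material, the two indicators just described turned into a simple check over a constructed process and file listing. The function names, the sample entries and the choice to flag any svchost.exe outside the real System32 directory (not only the hard-coded C: drive case) are my own assumptions.

```python
import ntpath

# Constructed sample process listing (name, image path); not real telemetry.
# The machine in this sample has Windows installed on D:, not C:.
SAMPLE_PROCESSES = [
    ("svchost.exe", r"D:\Windows\System32\svchost.exe"),   # genuine service host
    ("svchost.exe", r"C:\Windows\system32\svchost.exe"),   # hard-coded path, wrong drive
    ("services.exe", r"D:\Windows\System32\services.exe"),
    ("explorer.exe", r"D:\Windows\explorer.exe"),
]

# Constructed directory listing (file names only).
SAMPLE_FILES = ["ntoskrnl.exe", "zf", "drivers"]


def _norm(path):
    # Windows paths are case-insensitive and accept both separators;
    # ntpath works on any host, so this runs outside Windows too.
    return ntpath.normcase(ntpath.normpath(path))


def suspicious_svchost(processes, system_root):
    """Return image paths of svchost.exe processes not living in the real System32.

    A genuine svchost.exe resides in %SystemRoot%\\System32. A copy sitting at a
    hard-coded C:\\Windows\\system32 on a machine whose Windows lives elsewhere is
    exactly the giveaway the leaked manual acknowledged; any other location
    (a user profile, a temp folder) is flagged for the same reason.
    """
    expected = _norm(ntpath.join(system_root, "System32", "svchost.exe"))
    hits = []
    for name, path in processes:
        if name.lower() == "svchost.exe" and _norm(path) != expected:
            hits.append(path)
    return hits


def badmfs_marker_present(file_names):
    """Flag the 'zf' file the article says BadMFS left behind (exact name match)."""
    return any(n.lower() == "zf" for n in file_names)


if __name__ == "__main__":
    for hit in suspicious_svchost(SAMPLE_PROCESSES, r"D:\Windows"):
        print("suspicious svchost.exe image path:", hit)
    if badmfs_marker_present(SAMPLE_FILES):
        print("BadMFS 'zf' marker file present")
```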