In the latest release from their CIA Vault 7 series, WikiLeaks has revealed a collection of Mac and Linux hacking tools known as “Project Imperial.”
WikiLeaks’ latest release in their CIA Vault 7 series details a number of advanced hacking tools that fall under the title of “Project Imperial.” The programs “Achilles” and “SeaPea” both target macOS, while the “Aeris” program targets Linux-based systems. The WikiLeaks release page states that CIA agents can use Achilles to “Trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.”
SeaPea, however, acts as a macOS rootkit, infiltrating OS X systems once they’re rebooted. WikiLeaks states that SeaPea “provides stealth and tool-launching capabilities,” allowing CIA agents to infiltrate and control targets’ computers without their knowledge. The Aeris program is a piece of malware that attacks Linux distributions such as Debian, CentOS and Red Hat, as well as FreeBSD and Solaris Unix. It includes data transfer capabilities and can carry out custom attacks.
Discussing the Aeris program, WikiLeaks states, “Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, Red Hat, Solaris, FreeBSD, [and] CentOS).” The release page continues, “It supports automated file exfiltration, configurable beacon interval and jitter, standalone Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication. It is compatible with the NOD cryptographic specification and provides structured command and control that is similar to that used by several Windows implants.”
The full user guide to all of the hacking tools included in the Project Imperial group can be found on the WikiLeaks release page.