Last Friday, Wikileaks released the documentation for AfterMidnight and Assassin malware platforms, today the organization leaked a new batch of the CIA Vault 7 dump that includes the documentation related to a spyware framework dubbed Athena /Hera.
The batch of CIA files includes a user manual of the Athena platform, an overview of the technology, and a demo on how to use the malware.
Reading the documents it is possible to discover that any Windows systems could be infected by the two spyware, Athena works for XP through Windows 10 and Hera for Windows 8 through Windows 10.
“The Athena System fulfills COG/NOD’s need for a remote beacon/loader. Table 2 shows the system components available in Athena/Hera v1.0. The target computer operating systems are Windows XP Pro SP3 32-bit (Athena only), Windows 7 32-bit/64-bit, Windows 8.1 32- bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10.” reads the system overview included in the user guide. “Ubuntu v14.04 is the validated Linux version. Apache 2.4 is the validated web server for the Listening Post.”
The Athena spyware was written in Python, is seems to be dated back August 2015, if confirmed it is worrying news because Microsoft released Windows 10 in July 2015.
Athena is the result of a joint work of CIA developers and peers at cyber security firm Siege Technologies that is specialized in offensive cyber security.
“Athena is a beacon loader developed with Siege Technologies. At the core it is a very simple implant application. It runs in user space and beacons from the srvhost process. The following diagram shows the concept of operation.” states the Athena Technology Overview.
The documents leaked by Wikileaks reveals that ability of the Athena spyware to modify its configuration in real time, customizing it to a specific operation.
“Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system,” WikiLeaks claims.
However, WikiLeaks has not provided any detail about the operations being conducted by the agency using Athena, but it is not hard to imagine how the intelligence agency would be using this program to spy on their targets.
Below the list of the mail dumps leaked by WikiLeaks:
(Security Affairs – Athena Spyware, hacking)