WikiLeaks releases ‘Dark Matter’, the latest batch of documents in the #Vault7 series.

March 23rd, 2017 – WikiLeaks has released CIA Vault7 “Dark Matter,” and the newest leak contains several documents on CIA projects that infect Apple Mac computer firmware. The projects were developed by the CIA’s Embedded Development Branch (EDB), and the documents explain the techniques used by the CIA to gain ‘persistence’ on Apple Mac devices and iPhones. Persistence means that the infection remains even if the operating system is reinstalled.

Sonic Screwdriver 

Included in these documents are projects such as “Sonic Screwdriver”, among others. As the CIA explains it, this project is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting”, allowing an attacker to boot attack software, for example from a USB stick, “even when a firmware password is enabled”. The Sonic Screwdriver infector is stored on the modified firmware of an Apple Thunderbolt-to-Ethernet adapter.

Dark Sea Skies

“DarkSeaSkies” is “an implant that persists in the EFI firmware of an Apple MacBook Air computer” and consists of “DarkMatter”, “SeaPea” and “NightSkies”, respectively EFI, kernel-space and user-space implants.

Triton, Dark Mallet, DerStarke1.4

Documents on the “Triton” MacOSX malware, its infector “Dark Mallet” and its EFI-persistent version “DerStarke” can also be found in this release. The DerStarke1.4 manual released today dates to 2013, but other Vault 7 documents show that as of 2016 the CIA is continuing to rely on and update these systems. The production of DerStarke2.0 is currently taking place.

NightSkies 1.2

The release also contains the manual for the CIA’s “NightSkies 1.2”, a “beacon/loader/implant tool” for the Apple iPhone. Note that NightSkies reached 1.2 by 2008 and is expressly designed to be physically installed onto factory restored phones. The iPhone supply chain is targeted and has been infected by the CIA since 2008.

CIA assets are sometimes used to physically infect systems while those systems are in the custody of a target. It is very likely that many CIA physical access attacks have infected the targeted organization’s supply chain by interdicting mail orders and other shipments, that is, opening, infecting and resending shipments leaving the United States or otherwise.

