The latest file revealed in WikiLeaks’ Vault 7 catalog of CIA hacking tools is Athena, a surveillance tool apparently designed to capture communications from machines running Windows XP through Windows 10.
Details of the Athena malware are available in a document allegedly created by the CIA in November 2015. The malware is said to have been made in conjunction with US cybersecurity firm Siege Technologies, which was acquired by Nehemiah Security late last year.
Athena is the ninth Vault 7 release of CIA hacking tools for mobile and desktop systems. WikiLeaks has been revealing one tool at the end of each week over the past two months.
As noted in the documents, Athena is “a very simple implant application” that offers remote access to the target machine. The malware can be used to deliver a payload so that files can be delivered to and retrieved from a directory on the host.
“The target computer operating systems are Windows XP Pro SP3 32-bit (Athena only), Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10,” the documents note.
There’s a separate implementation of the malware called Hera, or Athena-Bravo, that supports Windows 8 to Windows 10.
Athena, which is also called Athena-Alpha, gains persistence via the Windows RemoteAccess service, while Hera/Athena-Bravo uses the Dnscache service.
The documents outline several ways to deliver the malware, including remote installation, through the supply chain, via an “asset”, or with a tool called Windex, which was detailed in earlier WikiLeaks releases.
WikiLeaks highlights an interview that Siege Technologies founder Jason Syversen gave Bloomberg in 2014, in which he justifies the creation of cyber weapons.
“I feel more comfortable working on electronic warfare,” he said. “It’s a little different than bombs and nuclear weapons — that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.”