Wikileaks has published 6 new documents disclosing information about Hive, a back-end infrastructure used to manage CIA implants
7 months ago 0
Short Bytes: The non-profit whistleblower Wikileaks has published 6 new documents disclosing information about Hive, a back-end infrastructure used to manage CIA implants. It is used to transfer data collected by implants to CIA and ask the implant to run specified commands. A public HTTPS interface is used to hide Hive in plain site.
Before you read further, you might want to go take a refresher of the Vault 7 stories happened till now:
Hive is basically a back-end infrastructure designed by CIA to keep an eye on their malware implants out there in the wild. According to Wikileaks, it’s used by “CIA implants to transfer exfiltrated information from target machines to the CIA and to receive commands from its operators to execute tasks on targets.”
The user guide included in the documents describes two primary Hive functions as “beacon” and “interactive shell”. It further says that the functions, “limited in features”, behave like a launchpad for other “full featured tools.”
Hive provides implants for various CPU architectures and operating systems, including Windows (XP, Server 2000/2003), Linux x86, Solaris, Mikrotik, etc.
The release of the documents related to Hive also facilitates the missing string to a recent finding by Symantec researchers. Although, not naming directly, they were able to link 40 cyber attacks conducted by Longhorn to CIA after analyzing the Vault 7 documents.
They indicated the possibility of a “nation-state attacker” behind such attacks, considering the type of organizations targeted. Now, according to Wikileaks, the back-end infrastructure described in Hive documents resembles the one mentioned by Symantec researchers in their blog post.
If you have something to add, drop your thoughts and feedback.