Meet Athena, the latest file unearthed in WikiLeaks’ Vault 7 inventory of CIA hacking tools. Athena is a surveillance (spying) tool created to capture communications from computers running anything from Windows XP to Windows 10, researchers say.
According to WikiLeaks:
“Athena” – like the related “Hera” system – provides remote beacon and loader capabilities on target computers running the Microsoft Windows operating system (from Windows XP to Windows 10). Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customize it to an operation.
Athena Surveillance Tool Created with the Help of Siege Technologies?
The Athena malware is said to have been developed together with US cybersecurity company Siege Technologies: “the malware was developed by the CIA in cooperation with Siege Technologies, a self-proclaimed cyber security company based in New Hampshire, US”.
Apparently, Jason Syversen, founder of Siege Technologies, has previously said that he feels “more comfortable working on electronic warfare”, noting that “it’s a little different than bombs and nuclear weapons – that’s a morally complex field to be in. Now instead of bombing things and having collateral damage, you can really reduce civilian casualties, which is a win for everybody.”
Athena Malware In Detail
The Athena malware is the 9th release of CIA hacking tools leaked in Vault 7 and revealed by WikiLeaks. WikiLeaks has been unearthing one tool at the end of every week over the course of the last couple of months. Athena is a tool for both mobile and desktop environments. It has been described as a very simple implant application offering remote access to targeted systems. In addition to the remote access capability, the surveillance tool can be deployed to distribute a payload. This way, files can be delivered to and retrieved from a directory on the host.
The leaked documents also reveal that the targeted operating systems are Windows XP Pro SP3 32-bit (Athena malware only), Windows 7 32-bit/64-bit, Windows 8.1 32-bit/64-bit, Windows 2008 Enterprise Server, Windows 2012 Server, and Windows 10. However, Windows 8 to Windows 10 can also be targeted thanks to a separate implementation dubbed Hera, or Athena-Bravo.
Athena is designed to gain persistence through the Windows Remote Access service. Hera, on the other hand, is designed to use the Dnscache service. There are several ways to deliver the malware, such as remote installation, the supply chain, via an asset, or with the help of a tool dubbed Windex. Windex has already been described in previous WikiLeaks leaks.
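A defender-side check for the two services named above, as an added example that is not from the leaked documents or from this article: the PowerShell below audits the executable and service DLL that the Remote Access and Dnscache services are configured to load. The registry key names (`RemoteAccess`, `Dnscache`) and the heuristic of flagging anything outside System32 or without a valid signature are assumptions of this example; the article does not describe how the implant changes these services.

```powershell
# Added example: audit what the RemoteAccess and Dnscache services load.
# Assumption: a binary outside System32, missing, or without a valid
# Authenticode status deserves a closer look. This is a triage heuristic,
# not an indicator taken from the leaked documents.
function Get-ServiceBinaryAudit {
    param([string[]]$Name = @('RemoteAccess', 'Dnscache'))

    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($svc in $Name) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
        if (-not (Test-Path $key)) { continue }   # service absent on this edition

        $image = (Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
        $dll   = (Get-ItemProperty -Path "$key\Parameters" -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll

        foreach ($entry in @(@{ Kind = 'ImagePath'; Raw = $image }, @{ Kind = 'ServiceDll'; Raw = $dll })) {
            if (-not $entry.Raw) { continue }
            $path = [Environment]::ExpandEnvironmentVariables($entry.Raw)
            if ($entry.Kind -eq 'ImagePath') {
                # ImagePath usually carries arguments (svchost.exe -k ...); keep the executable only
                $path = $path -replace '^"?([^"]+?\.exe)"?.*$', '$1'
            }

            $exists = Test-Path -LiteralPath $path
            $status = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $path).Status
            } else {
                'FileMissing'
            }
            $inSys32 = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)

            [pscustomobject]@{
                Service    = $svc
                Kind       = $entry.Kind
                Path       = $path
                InSystem32 = $inSys32
                Signature  = $status
                Review     = (-not $inSys32) -or ("$status" -ne 'Valid')
            }
        }
    }
}

# Read-only: prints one row per configured binary for the two services.
Get-ServiceBinaryAudit | Format-Table -AutoSize
```

Rows with `Review` set to `True` are leads, not verdicts; compare them against a known-good host running the same Windows build before drawing conclusions.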