Wikileaks Releases Documents Exposing Raytheon
Raytheon, the weapons manufacturing group and defense contracting organization, was in the cross-hairs of the latest edition of the Wikileaks "Vault 7" release, which published documents that confirm a "cozy malware relationship" between the war profiteer and the CIA. The documents detailed evidence suggesting that, with the assistance of the CIA, Raytheon was intending to develop its own malware. The latest release states that "Raytheon Blackbird Technologies acted as a kind of technology scout for the remote development branch (RDB)...", and goes on to detail the role played by the company in analyzing attacks and using collected information in the development of the CIA's own malware project.
Raytheon detailed a type of Remote Access Tool (RAT), according to the report, likely designed in 2015 and used by "Emissary Panda", a Chinese espionage group. This "RAT" is said to capture keystrokes in an effort to spy on users of Internet Explorer. These leaks also detail a variant of the same, also known as IsSpace, equipped with Adobe Flash "zero day exploit" technology, allowing it to examine proxy credentials and bypass Windows firewalls. This was also reportedly used by another Chinese hacking group known as "Samurai Panda". Bear in mind that users of Internet Explorer are already at risk of the government having access to the login credentials of their frequently visited sites. One report also details "Regin", a state-sponsored surveillance mechanism referred to, even by the report itself, as "a malware sample", designed for data collection and surveillance.
There is also "HammerToss", detailed by the report as an "interesting piece of malware" due to its construction. It is suspected to have originated in Russia as state-sponsored malware. This virus penetrates Twitter, GitHub, and cloud storage capabilities associated with the targeted device. After HammerToss has infiltrated the targeted device, it is then able to command it.
Finally, there is "Gamker", described as an information-stealing trojan which apparently uses a simple encryption method and inserts a basic copy of itself with a random filename, gathering surveillance on the victim and exhibiting "other trojan behaviors".