An air-gapped computer or network is one that is physically isolated from every other network in order to protect it: it is connected neither to the Internet nor to any other computer or device, which makes it considerably harder to compromise. Such systems usually carry additional security controls to keep outside parties from getting in. Air-gapped machines and networks are found, for example, in the systems that process credit and debit card transactions in retail, in military networks, and in the industrial control systems that run critical infrastructure.

According to Wikileaks, the CIA used Brutal Kangaroo to get into exactly these computers and isolated networks. It is a set of tools that use an infected USB drive to reach the machines and then build a custom covert network inside the target network. Once inside, the malware can execute code on the compromised machines.

The documents leaked by Wikileaks describe how the CIA could infiltrate air-gapped computers and networks inside an organization without ever having direct access to them. The first step is to infect an Internet-connected computer within the company, called the primary host. Once Brutal Kangaroo is installed on that initial PC, it infects every USB drive or removable hard disk that is plugged into it. From then on the attacker only has to wait for a member of the organization to plug one of those drives into a machine on the air-gapped network. If several computers in the closed network end up under CIA control, they form a covert network among themselves to coordinate tasks and exchange data, much as the Stuxnet worm did.
The Brutal Kangaroo project is composed of several components:

Drifting Deadline: the tool that infects USB drives.
Shattered Assurance: a server-side tool that manages the automated infection of removable drives.
Broken Promise: the post-processor that evaluates the collected information.
Shadow: the persistence mechanism that is spread across the closed network and acts as a covert command-and-control (C&C) network.
Brutal Kangaroo exploits a Windows vulnerability that is triggered by hand-crafted link files (.lnk shortcuts): when such a file is present on the drive, Windows loads and executes programs (DLLs) from it without any user interaction, so the payload runs as soon as the drive is browsed.
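The practical defensive question raised by the propagation chain above (an infected drive carried from the primary host into the closed network) and by the link-file trick is how to inspect a removable drive before it is plugged into an air-gapped machine. The following scanner is an added example, not code from Brutal Kangaroo, Wikileaks or the author of this article. It parses the public Shell Link (MS-SHLLINK) format far enough to recover the shortcut's target, arguments and raw item ID list, and then applies a few heuristics that are my own assumptions: a target that is a DLL or script host such as rundll32.exe, arguments that name a .dll, a target that is itself a DLL, or an item ID list that embeds a DLL path (the way an icon-handler shortcut can point Windows at a library). The sample .lnk files it scans are constructed in memory by a small builder, so it runs offline.

```python
"""Scan .lnk files on a drive for traits of hand-crafted shortcuts (added example)."""
from __future__ import annotations

import struct
from dataclasses import dataclass
from pathlib import Path

LNK_HEADER_SIZE = 0x4C
# CLSID 00021401-0000-0000-C000-000000000046 in its on-disk little-endian layout
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
# LinkFlags bits from MS-SHLLINK section 2.1.1
HAS_ID_LIST, HAS_LINK_INFO, HAS_NAME, HAS_REL_PATH = 0x01, 0x02, 0x04, 0x08
HAS_WORK_DIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
STRING_FIELDS = ((HAS_NAME, "name"), (HAS_REL_PATH, "relative_path"),
                 (HAS_WORK_DIR, "working_dir"), (HAS_ARGS, "arguments"),
                 (HAS_ICON, "icon_location"))
# Heuristic (my assumption): binaries that will run a DLL or script on the shortcut's behalf
DLL_AND_SCRIPT_HOSTS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "cmd.exe",
                        "powershell.exe", "wscript.exe", "cscript.exe"}


@dataclass
class ShellLink:
    flags: int
    id_list: bytes = b""        # raw LinkTargetIDList, searched but not decoded
    local_base_path: str = ""   # absolute target path from LinkInfo, if present
    name: str = ""
    relative_path: str = ""
    working_dir: str = ""
    arguments: str = ""
    icon_location: str = ""


def parse_lnk(data: bytes) -> ShellLink:
    """Parse the header, IDList, LinkInfo and StringData sections of a .lnk file."""
    if (len(data) < LNK_HEADER_SIZE or struct.unpack_from("<I", data)[0] != LNK_HEADER_SIZE
            or data[4:20] != LNK_CLSID):
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    link, pos = ShellLink(flags=flags), LNK_HEADER_SIZE
    if flags & HAS_ID_LIST:                   # IDListSize (2 bytes) followed by the list
        size = struct.unpack_from("<H", data, pos)[0]
        link.id_list = data[pos + 2:pos + 2 + size]
        pos += 2 + size
    if flags & HAS_LINK_INFO:                 # LinkInfoSize, HeaderSize, Flags, VolumeIDOffset, LocalBasePathOffset
        info_size, _, info_flags, _, base_off = struct.unpack_from("<5I", data, pos)
        if info_flags & 0x1:                  # VolumeIDAndLocalBasePath: NUL-terminated ANSI path
            start = pos + base_off
            link.local_base_path = data[start:data.index(b"\x00", start)].decode("latin-1")
        pos += info_size
    for bit, attr in STRING_FIELDS:           # CountCharacters (2 bytes) + characters, no NUL
        if not flags & bit:
            continue
        count = struct.unpack_from("<H", data, pos)[0]
        pos += 2
        width = 2 if flags & IS_UNICODE else 1
        raw = data[pos:pos + width * count]
        setattr(link, attr, raw.decode("utf-16-le" if width == 2 else "latin-1"))
        pos += width * count
    return link


def build_lnk(relative_path: str, arguments: str = "", id_list: bytes = b"") -> bytes:
    """Build a minimal Unicode .lnk; used only to construct sample input here."""
    flags = IS_UNICODE | HAS_REL_PATH | (HAS_ARGS if arguments else 0) | (HAS_ID_LIST if id_list else 0)
    out = bytearray(struct.pack("<I16sIIQQQIIIHHII", LNK_HEADER_SIZE, LNK_CLSID, flags,
                                0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0))
    if id_list:
        out += struct.pack("<H", len(id_list)) + id_list
    for text in (relative_path, arguments):
        if text:
            out += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    out += struct.pack("<I", 0)               # terminal ExtraData block
    return bytes(out)


def suspicious_traits(link: ShellLink) -> list[str]:
    """Return the heuristic findings for one parsed shortcut (empty list = nothing flagged)."""
    target = (link.local_base_path or link.relative_path).lower().replace("/", "\\")
    base = target.rsplit("\\", 1)[-1]
    traits = []
    if base in DLL_AND_SCRIPT_HOSTS:
        traits.append(f"target is DLL/script host {base}")
    if ".dll" in link.arguments.lower():
        traits.append("arguments reference a DLL")
    if target.endswith(".dll"):
        traits.append("target itself is a DLL")
    idl = link.id_list.lower()
    if b".dll" in idl or b".\x00d\x00l\x00l\x00" in idl:
        traits.append("item ID list references a DLL")
    return traits


def scan_drive(root: Path) -> dict[str, list[str]]:
    """Walk a mounted drive and map each flagged .lnk path to its findings."""
    findings = {}
    for path in root.rglob("*.lnk"):
        try:
            traits = suspicious_traits(parse_lnk(path.read_bytes()))
        except (ValueError, struct.error):
            continue                          # malformed or not a shortcut at all
        if traits:
            findings[str(path)] = traits
    return findings


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # stands in for a mounted USB drive
        drive = Path(tmp)
        (drive / "Quarterly Report.lnk").write_bytes(
            build_lnk("..\\..\\Windows\\System32\\rundll32.exe", "\\.hidden\\stage1.dll,Start"))
        (drive / "Minutes.lnk").write_bytes(build_lnk("Minutes.docx"))
        for name, traits in scan_drive(drive).items():
            print(name, "->", "; ".join(traits))
```

Run it against the mount point of a drive (for example `scan_drive(Path("E:\\"))`) before that drive is ever inserted into an isolated machine; anything flagged deserves a look at the full shortcut with a dedicated LNK parser, because the item ID list is only searched for a DLL extension here, not decoded. The heuristics produce false positives on legitimate administrative shortcuts, so treat a hit as a reason to inspect, not as proof of compromise.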