The WikiLeaks whistleblowing platform released Thursday new documents on the CIA tool called Angelfire. It is an implant comprising of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File system, according to Wikileaks.
The CIA reportedly uses Angelfire to load and execute malicious user applications on target computers. One of tool's components modifies the boot sector, allowing the implants to be downloaded simultaneously with Windows' boot time device drivers. Loaded implants never touch the file system, so it is rather difficult to track the process.
"Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, it is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system (XP or Win7)," the statement from Wikileaks reads.
The publictaions are made as part of the Vault 7 project, a large archive of CIA-related classified documents that Wikieaks has obtained. The platform released the first batch of the documents in March, containing a total of 8,761 documents.
According to the website, a large archive comprising various viruses, malware, software vulnerability hacks and relevant documentation, was uncovered by US government hackers, which is how WikiLeaks gained access to some of the data from the trove.