Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


WikiLeaks Dumps CIA Tool Angelfire


WikiLeaks the organization that opposes secrecy posted on August 31 one more set of files that allegedly belonged to the CIA (Central Intelligence Agency) of United States, the most recent that pays greater attention to a framework utilized for contaminating computers running various operating systems of Windows.


Angelfire, software from CIA, got unveiled during the posting. It contains one framework of 5 sections which keeps certain backdoor persistently on a contaminated PC as well as runs custom implants with which the intelligence agency gains an increased admission into the system.


Specifically, Angelfire works in 5 stages, every time letting the agency acquire deeper access of the contaminated system for continuously gaining admission into data and files the targeted computer holds.


The five parts of Angelfire are Windows Transitory File system, BadMFS, Keystone, Wolfcreek and Solartime. These individually act like a tool which makes malicious software navigate throughout the targeted device which together builds one stubborn framework capable of loading as well as running custom implants onto the PC using Microsoft's Windows OS. Scmagazine.com posted this, August 31, 2017.


The documents posted tell that Angelfire's functioning is via 64-bit and 32-bit editions of Windows 7 and XP, as well as via Windows Server 2008 R2 version 64-bit. The said processes, according to WikiLeaks, are visible within task manager of Windows operating system provided the OS has been loaded within a separate path else onto one separate partition.


BadMFS has been described as one treacherous file system fastened at an active section's end, the section that holds the implants as well as drives which Wolfcreek starts. With encryption and disguise, the files eschew header scanners of PE (portable executable) kind which security researchers utilize for investigating malevolent payloads within Windows Portable Executable format.


Angelfire's installation done via Windows Transitory File is the latest way. The system lets the U.S. intelligence agency's spying officers open transitory files that would do specific tasks, like loading Angelfire, eliminating files and/or adding them to the malicious software, etc.


Angelfire comparatively is less sophisticated than other hacking programs of CIA that WikiLeaks exposed; its elements evidently detectable by security software.

» SPAMfighter News - 9/7/2017

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page