WikiLeaks has published fresh documents that deal with the CIA’s hacking of and spying on Linux machines using a malware strain called OutlawCountry. The tool consists of a kernel module that creates an invisible netfilter table in which new rules can be created with the iptables command. Those rules can modify and redirect network traffic.
OutlawCountry’s prerequisites for operation are a compatible 64-bit CentOS/RHEL 6.x operating system (Linux 2.6 kernel), shell access and root access to the target. The target must also have a “nat” netfilter table.
You can read further details about OutlawCountry in this user manual.