WikiLeaks Unveils CIA Implants that Steal SSH Credentials from Windows & Linux PCs

WikiLeaks has today published the 15th batch of its ongoing Vault 7 leak, this time detailing two alleged CIA implants that allowed the agency to intercept and exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems.
The BothanSpy implant is for the Xshell client on Microsoft Windows. Gyrfalcon targets the OpenSSH client on various Linux distributions: CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.
Both implants steal user credentials for all active SSH sessions and then send them to a CIA-controlled server.

