Shortly after charges against Julian Assange was dropped he promised that the war against the CIA was just starting. It seems Microsoft’s Windows operating system is set to be a casualty of the attack, as WikiLeaks has just released information on a new vulnerability that targets the operating system.
The new leak, who’s code is not yet available, is codenamed Athena and targets all version of Windows, from Windows XP to Windows 10, and was released in August 2015, shortly after Windows 10 itself, and created in part by the private New Hampshire-based offensive cyber security firm Siege Technologies.
It allows attackers to completely hijack computers, steal data and send it to CIA servers, delete data and upload malicious software.
“Once installed, the malware provides a beaconing capability (including configuration and task handling), the memory loading/unloading of malicious payloads for specific tasks and the delivery and retrieval of files to/from a specified directory on the target system. It allows the operator to configure settings during runtime (while the implant is on target) to customise it to an operation,” WikiLeaks said.
It was specifically designed to evade antivirus software, in particular, Kaspersky’s software.
Last week’s devastating malware attack was the result of a similar leak which was then weaponized by ransomware creators. It is likely that Microsoft has been made aware of the threats and has worked to create patches, and the best security advice is likely to use a cloud backup system with versioning, and to make sure your PC is regularly updated, which in the case of Windows 10 means not to interfere with the automatic updating system.