WikiLeaks releases new round of CIA malware documents, this time with less supporting material

Photo by: Cancillería del Ecuador / CC2.0


Written by

WikiLeaks released a new set of CIA cyberwarfare documents on Thursday, marking the 10th installation in the two-month-old Vault 7 series.

This publication focuses on Pandemic, a CIA project that infects networks of Windows machines through the Server Message Block (SMB) file sharing protocol with trojanized versions of software that can mean complete compromise of targeted devices. The documents date from April 2014 to January 2015.

The latest release contains less contextual data and documents than most previous Vault 7 publications, prompting questions from experts about the exact operation of the Pandemic malware. For example: How does it get into the Windows kernel in order to replace normal files with spyware? And why is this document dump seemingly less complete than others?

“Why it’s missing is anyone’s guess,” Williams said. “But you don’t see the operator manual, etc. Everything else, with the exception of MARBLE (which is a library) has a user guide. This does not. Why not?”

WikiLeaks did not respond to questions asked via Twitter.

Last month, Sweden announced the end of the rape investigation into WikiLeaks founder Julian Assange. British authorities still have a warrant out for the Australian hackers’ arrest and American officials have stayed mum on their own potential charges against Assange who continues to live in the Ecuadorian embassy in London.


Despite a still-unfurling trove of documents from one of the most prominent intelligence agencies on earth, the Vault 7 series has fallen relatively quiet when compared to its previous pace and the work of contemporaneous work of groups like the Shadow Brokers.

Over the course of two months of publishing Vault 7, WikiLeaks has been accused by cybersecurity professionals of making misleading claims about encrypted messengers like Signal and the contents of CIA code.

The exception has been outlets like RT, the Russian state-owned news website, that has covered each Vault 7 installation quickly and without a critical eye. It parroted WikiLeaks’ unsubstantiated claim that Signal and WhatsApp are broken.

CyberScoop is continuing a review of the documents and will update this story if necessary.

-In this Story-

CIA, hacking, hacking tools, malware, Microsoft, Pandemic, Vault 7, WikiLeaks, Windows, worm