WikiLeaks says it has published the source code for the CIA hacking tool ‘Hive,’ which indicates that the agency-operated malware could mask itself under fake certificates and impersonate public companies, namely Russian cybersecurity firm Kaspersky Lab.
The CIA multi-platform hacking suite ‘Hive’ was able to impersonate existing entities to conceal suspicious traffic from the user being spied on, the source code of the malicious program indicates, WikiLeaks said on Thursday.
The extraction of information would therefore be misattributed to an impersonated company, and at least three examples in the code show that Hive is able to impersonate Russian cybersecurity company Kaspersky Lab, WikiLeaks stated.
“If the target organization looks at the network traffic coming out of its network, it is likely to misattribute the CIA exfiltration of data to uninvolved entities whose identities have been impersonated,” WikiLeaks said in a statement.
WikiLeaks began to publish documents on Hive in April this year, exposing the elaborate malware suite used by the CIA to hack, record and even control modern hi-tech appliances worldwide. Kaspersky Lab has repeatedly been accused by US officials of being involved in alleged Russian state-run hacking of the US presidential election.
In September, the US Department of Homeland Security (DHS) ordered all government agencies to stop using the company’s products and remove them from computers, citing “information security risks presented by the use of Kaspersky products on federal information systems.” Kaspersky Lab has repeatedly denied cooperating with any government entity including Russia, stating that its products simply cannot be used for spying as they lack any functionality beyond the advertised one. In an unprecedented move, the company even opened its source code to independent review last month.